Re: Permissions of /var/log
Previously Santiago Vila wrote:
> How do we want these files to be?
>
> a) All of them should be root.root.
> b) All of them should be root.adm.
> c) This should not be covered by policy.
I would say c) and let common sense decide. Generally the idea is:
1. logfiles which don't contain sensitive data should be readable
by everyone. Which group they have doesn't really matter.
2. logfiles which contain sensitive data should only readable by
root and admins, and thus be owned by root.adm and mode 640.
Wichert.
Reply to: