Re: Permissions of /var/log
On Tue, 25 Jan 2000, Wichert Akkerman wrote:
> Previously Santiago Vila wrote:
> > How do we want these files to be?
> >
> > a) All of them should be root.root.
> > b) All of them should be root.adm.
> > c) This should not be covered by policy.
>
> I would say c) and let common sense decide. Generally the idea is:
>
> 1. logfiles which don't contain sensitive data should be readable
> by everyone. Which group they have doesn't really matter.
> 2. logfiles which contain sensitive data should only be readable by
> root and admins, and thus be owned by root.adm and mode 640.
I remember filing a bug about ppp.log, which was readable only by group
adm, whereas it ought to be readable by group dip. I think the problem
was tied to some sort of conflict because of the use of logrotate or
some other logging-facility program. IMO, it should still belong to
root.dip
--
Jean-Christophe Dubacq
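
The convention discussed in this thread can be checked mechanically. The script below is an added example, not part of the original messages or of any Debian package: it flags sensitive logs that are not mode 640 with the expected owner and group, and public logs that are not world-readable. The policy table, the `auth.log` entry and all function and variable names are assumptions made for illustration; it relies on GNU `stat -c`.

```shell
#!/bin/sh
# Added example: audit log files against the convention quoted in this thread.
# Assumes GNU stat (stat -c). The policy table below is constructed.

# name:group pairs for logs treated as sensitive; all other files are public.
# ppp.log:dip follows the reply's suggestion; auth.log:adm is a constructed entry.
SENSITIVE_LOGS=${SENSITIVE_LOGS:-"auth.log:adm ppp.log:dip"}
EXPECT_OWNER=${EXPECT_OWNER:-root}

# Print the group required for a sensitive log name; fail if the log is public.
required_group() {
    for entry in $SENSITIVE_LOGS; do
        [ "${entry%%:*}" = "$1" ] && { echo "${entry#*:}"; return 0; }
    done
    return 1
}

# check_log FILE: print one finding per violation; return 0 if compliant.
check_log() {
    file=$1
    info=$(stat -c '%a %U %G' "$file") || return 2
    mode=${info%% *}; rest=${info#* }
    owner=${rest%% *}; group=${rest#* }
    other=${mode#"${mode%?}"}          # last octal digit holds the "other" bits
    bad=0
    if want=$(required_group "$(basename "$file")"); then
        [ "$mode" = 640 ] || { echo "$file: mode $mode, want 640"; bad=1; }
        [ "$owner" = "$EXPECT_OWNER" ] || { echo "$file: owner $owner, want $EXPECT_OWNER"; bad=1; }
        [ "$group" = "$want" ] || { echo "$file: group $group, want $want"; bad=1; }
    else
        [ $(( $other & 4 )) -ne 0 ] || { echo "$file: public log not world-readable (mode $mode)"; bad=1; }
    fi
    return $bad
}

# audit_dir DIR: check every regular file directly in DIR; return 1 on any finding.
audit_dir() {
    status=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        check_log "$f" || status=1
    done
    return $status
}

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then audit_dir "$1"; fi
```

Rotated files only stay compliant if the rotation tool recreates them with the same owner, group and mode, so the audit is worth re-running after a rotation cycle.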