Bug#35504: [PROPOSAL] Permissions of /var/log.
>>"Santiago" == Santiago Vila <sanvila@unex.es> writes:
>> Previously Santiago Vila wrote:
>> > How do we want these files to be?
>> >
>> > a) All of them should be root.root.
>> > b) All of them should be root.adm.
>> > c) This should not be covered by policy.
>>
>> I would say c) and let common sense decide. Generally the idea is:
>>
>> 1. logfiles which don't contain sensitive data should be readable
>> by everyone. Which group they have doesn't really matter.
>> 2. logfiles which contain sensitive data should only be readable by
>> root and admins, and thus be owned by root.adm and mode 640.
Santiago> Ok, this means root.adm is a better default than root.root.
Actually, I think he said that this should not go into policy
in the first place. What are your arguments for not letting the
maintainer decide this on their own?
Santiago> The /var/log directory should have permissions 2775
Santiago> (group-writable and set-group-id) and be owned by root.adm.
Again, your justification of the group writable clause?
Santiago> Rationale: root.adm is a better default than root.root.
Better? This is not a rationale, this is an opinion, with
nothing technical backing it up.
Santiago> I am now looking for seconds for this proposal.
Please put a little more effort into this; and please justify
why things should go into policy. Not every idea belongs there, even
if it is a good one (and you have not shown why this is actually a good
idea).
manoj
--
Success is the result of behavior that completely contradicts the
usual expectations about the behavior of a successful person. --
Felix R. Paturi
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C