Bug#35504: [PROPOSAL] Permissions of /var/log.

[Santiago Vila <sanvila@unex.es>]

On Tue, 28 Mar 2000, Wichert Akkerman wrote:

> Previously Santiago Vila wrote:
> > The /var/log directory should have permissions 2775 (group-writable and
> > set-group-id) and be owned by root.adm.
> 
> Why group writeable?

Good question. These are the permissions Bruce Perens gave to the /var/log
directory a long time ago, and there is a similar policy for the
/usr/local directory, so I based my first draft on this.

Anyway, since noone think it is a good idea, I withdrawn the
group-writable part. I modify my proposal to this:

-----------------------------------------------------------------------
The /var/log directory should have permissions 2755 (set-group-id)
and be owned by root.adm.
-----------------------------------------------------------------------

Rationale: If group of logfiles which don't contain sensitive data does
not matter and logfiles which contain sensitive data should be owned by
root.adm, then root.adm is a better default than root.root.

Manoj wrote:
> What are your arguments for not letting the maintainer decide this on
> their own?

This policy will still let the maintainer to decide this on their own.


I am still looking for seconds for this modified proposal. If you think
this policy is harmful, please object and I'll drop it entirely.

Thanks.

-- 
 "624683a2cc2372410330d8e82fa3ee07" (a truly random sig)