
Re: Permissions of /var/log



On Tue, 25 Jan 2000, Wichert Akkerman wrote:

> Previously Santiago Vila wrote:
> > How do we want these files to be?
> > 
> > a) All of them should be root.root.
> > b) All of them should be root.adm.
> > c) This should not be covered by policy.
> 
> I would say c) and let common sense decide. Generally the idea is:
> 
> 1. logfiles which don't contain sensitive data should be readable
>    by everyone. Which group they have doesn't really matter.
> 2. logfiles which contain sensitive data should only be readable by
>    root and admins, and thus be owned by root.adm and mode 640.

Makes sense. I forgot to tell the reason for this question:

base-files (don't ask me why, I inherited this from the previous
maintainer :-) currently has /var/log as root.adm and set-gid, trying to
encourage b), but this has no real effect because other packages containing
/var/log have it as root.root, the end result being that /var/log is
root.root in the base system (i.e. base2_1.tgz).

What I'm trying to determine (among other things) is whether:

a) Having /var/log as root.adm and set-gid is definitely a good thing.
b) Having /var/log as root.adm and set-gid is definitely a bad thing.

Thanks.

-- 
 "3f5e62830c01643d3c68d26997f6b0d3" (a truly random sig)
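
The two rules quoted in this message, plus the root.adm set-gid question, written as an audit of a log directory; this is an added example, not part of the original thread. The `SENSITIVE` set and all function names are assumptions made for illustration.

```python
import grp
import os
import pwd
import stat

# Assumption: which logs are "sensitive" is a local decision; these names are illustrative.
SENSITIVE = {"auth.log", "syslog", "messages"}

def check_entry(owner, group, mode, sensitive):
    """Findings for one log file, judged by the two rules quoted in the thread."""
    perm = stat.S_IMODE(mode)
    findings = []
    if perm & stat.S_IWOTH:
        findings.append("world-writable")
    if sensitive:
        if (owner, group) != ("root", "adm"):
            findings.append(f"owned by {owner}.{group}, expected root.adm")
        if perm != 0o640:
            findings.append(f"mode {perm:o}, expected 640")
    elif not perm & stat.S_IROTH:
        findings.append("not readable by everyone")
    return findings

def dir_state(owner, group, mode):
    """Describe the log directory: ownership plus whether set-gid is on."""
    return f"{owner}.{group}" + (" set-gid" if mode & stat.S_ISGID else "")

def _name(lookup, ident):
    """Map a uid/gid to a name, falling back to the number for unknown ids."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)

def _who(st):
    return _name(pwd.getpwuid, st.st_uid), _name(grp.getgrgid, st.st_gid)

def audit(logdir="/var/log"):
    """Return (directory state, {filename: findings}) for regular files in logdir."""
    st = os.lstat(logdir)
    report = {}
    for entry in sorted(os.scandir(logdir), key=lambda e: e.name):
        est = entry.stat(follow_symlinks=False)
        if stat.S_ISREG(est.st_mode):
            found = check_entry(*_who(est), est.st_mode, entry.name in SENSITIVE)
            if found:
                report[entry.name] = found
    return dir_state(*_who(st), st.st_mode), report
```

Calling `audit()` with no argument inspects `/var/log`; the first element of the result shows whether the directory ended up root.adm set-gid or root.root.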

