[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: log permissions

On Fri, 3 Nov 2000, Ian wrote:

> I have a slink->potato->woody server, and I am a little concerned about
> the permissions some of the log files in /var/log have. 
> [....] 
> why are these files read by all? I have "normal" users on my system, and
> although I trust them, these kinds of permissions make me feel a little
> paranoid. ie: they could be used by someone to investigate system use,
> etc.. 


if you have all logfiles owned by root you can make access to the /var/log
for root and utmp group only (chmod 750)

if you have a logfile of another user (mail for ex.) you can leave the
permission as setted but no read/write for others and the /var/log must be
open for all

***  all the logfiles owned by root and group root might be readed only by
root (chmod 600)  ***

pay attention for files of group utmp that might be readed/writed from
this group.


3		http://www.trek.eu.org/
k		PGPKey: 7016731A57D4A69B 1A8EE5E90EF2608E (since 1995)

Reply to: