On Thu, Aug 28, 2008 at 01:05:19PM +0200, Johan Walles wrote:
> 2008/8/28 Giacomo A. Catenazzi <cate@debian.org>:
> > auth.log was invented for this reason, and separated to standard log:
> > it should be readable only by root, because users make errors.
>
> It's readable by anybody with physical access to the hardware.
> Hard disks get stolen all the time [1], and on publicly accessible
> machines it's often possible to boot in runlevel 1 or from something
> other than the hard disk and access any files you like. That's why
> the passwords in /etc/shadow are all hashed, rather than just being
> chmodded.