Bug#314956: Excess permission or bad ownership on file /var/log/btmp
Package: openssh-server
Version: 1:4.1p1-4
openssh 4.x now tries to append to /var/log/btmp (on bad passwords for
example), but it's excessively anal about the permissions on that file. it
doesn't permit group or other to have any of read/write/execute.
the default debian setup is this:
-rw-rw-r-- 1 root utmp 3840 Jun 18 14:40 /var/log/btmp
and there are legit reasons for group utmp writability... such as:
-rwxr-sr-x 1 root utmp 306616 Nov 14 2004 /usr/bin/screen
i really don't know what to recommend as the right fix for this... you
could disable USE_BTMP entirely, which was the pre-4.0 behaviour anyhow.
or modify it to permit the debian perms...
-dean
Reply to: