Bug#525074: /var/log/apt/term.log is mode 0600
Package: apt
Version: 0.7.21
Severity: minor
Tags: patch
/var/log/apt is a new feature of APT in Lenny; I'm glad to see it,
and I'm sure lots of other people would be grateful too if there was
any mention of it in the documentation or changelog!
Unlike /var/log/dpkg.log (which is readable for the adm group) or
/var/log/aptitude (which is simply world-readable), and even unlike
the /var/log/apt directory itself (mode 0755), the term.log files
created within it are accessible only to the superuser.
Now, I'm no programmer, but a grep through the sources shows me a
line in apt-pkg/deb/dpkgpm.cc that goes:
chmod(logfile_name.c_str(), 0600);
Now, I have no idea why this line is present, but changing it to
0644, rebuilding, crossing my fingers, and installing fixes my bug.
Of course, even if you agree that 0600 is wrong you might prefer to
make it come out as "root:adm 0640", but that would be beyond my
trivial patching abilities.
--
JBR
Ankh kak! (Ancient Egyptian blessing)
--- ../apt-0.7.21/apt-pkg/deb/dpkgpm.cc 2009-04-14 13:20:29.000000000 +0100
+++ apt-pkg/deb/dpkgpm.cc 2009-04-21 21:31:35.000000000 +0100
@@ -524,7 +524,7 @@
if (!logfile_name.empty())
{
term_out = fopen(logfile_name.c_str(),"a");
- chmod(logfile_name.c_str(), 0600);
+ chmod(logfile_name.c_str(), 0644);
// output current time
char outstr[200];
time_t t = time(NULL);
Reply to: