Bug#661848: please respect sys admin set perms in /var/log/apt
Package: apt
Version: 0.8.10.3+squeeze1
Severity: normal
Hi,
Please respect the permissions that the system administrator has set on
the files in /var/log/apt. I set these permissions with cfengine so that
they satisfy my own security requirements. I maintain that it is not
appropriate for apt to change them whenever it runs, other than on
initial install or re-install.
/var/log/apt/term.log had permission 600, changed it to 644
It appears that /var/log/history.log is not affected by this bug.
Thanks,
--
Jeffrey Sheinberg
-- Package-specific info:
-- apt-config dump --
APT "";
APT::Architecture "i386";
APT::Build-Essential "";
APT::Build-Essential:: "build-essential";
APT::Install-Recommends "false";
APT::Install-Suggests "false";
APT::Acquire "";
APT::Acquire::Translation "environment";
APT::Authentication "";
APT::Authentication::TrustCDROM "true";
APT::NeverAutoRemove "";
APT::NeverAutoRemove:: "^firmware-linux.*";
APT::NeverAutoRemove:: "^linux-firmware$";
APT::NeverAutoRemove:: "^linux-image.*";
APT::NeverAutoRemove:: "^kfreebsd-image.*";
APT::NeverAutoRemove:: "^linux-restricted-modules.*";
APT::NeverAutoRemove:: "^linux-ubuntu-modules-.*";
APT::Never-MarkAuto-Sections "";
APT::Never-MarkAuto-Sections:: "metapackages";
APT::Never-MarkAuto-Sections:: "restricted/metapackages";
APT::Never-MarkAuto-Sections:: "universe/metapackages";
APT::Never-MarkAuto-Sections:: "multiverse/metapackages";
APT::Never-MarkAuto-Sections:: "oldlibs";
APT::Never-MarkAuto-Sections:: "restricted/oldlibs";
APT::Never-MarkAuto-Sections:: "universe/oldlibs";
APT::Never-MarkAuto-Sections:: "multiverse/oldlibs";
APT::Clean-Installed "off";
APT::Get "";
APT::Get::Show-Upgraded "true";
APT::Get::List-Cleanup "false";
APT::Default-Release "";
APT::Cache-Limit "30000000";
APT::Periodic "";
APT::Periodic::Enable "0";
APT::Periodic::BackupArchiveInterval "0";
APT::Periodic::BackupLevel "0";
APT::Periodic::MaxAge "0";
APT::Periodic::MinAge "0";
APT::Periodic::MaxSize "0";
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::Download-Upgradeable-Packages-Debdelta "0";
APT::Periodic::Unattended-Upgrade "0";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Verbose "1";
Dir "/";
Dir::State "var/lib/apt/";
Dir::State::lists "lists/";
Dir::State::cdroms "cdroms.list";
Dir::State::mirrors "mirrors/";
Dir::State::extended_states "extended_states";
Dir::State::status "/var/lib/dpkg/status";
Dir::Cache "var/cache/apt/";
Dir::Cache::archives "archives/";
Dir::Cache::srcpkgcache "srcpkgcache.bin";
Dir::Cache::pkgcache "pkgcache.bin";
Dir::Etc "etc/apt/";
Dir::Etc::sourcelist "sources.list";
Dir::Etc::sourceparts "sources.list.d";
Dir::Etc::vendorlist "vendors.list";
Dir::Etc::vendorparts "vendors.list.d";
Dir::Etc::main "apt.conf";
Dir::Etc::netrc "auth.conf";
Dir::Etc::parts "apt.conf.d";
Dir::Etc::preferences "preferences";
Dir::Etc::preferencesparts "preferences.d";
Dir::Etc::trusted "trusted.gpg";
Dir::Etc::trustedparts "trusted.gpg.d";
Dir::Bin "";
Dir::Bin::methods "/usr/lib/apt/methods";
Dir::Bin::dpkg "/usr/bin/dpkg";
Dir::Media "";
Dir::Media::MountPath "/media/apt";
Dir::Log "var/log/apt";
Dir::Log::Terminal "term.log";
Dir::Log::History "history.log";
Dir::Ignore-Files-Silently "";
Dir::Ignore-Files-Silently:: "~$";
Dir::Ignore-Files-Silently:: "\.disabled$";
Dir::Ignore-Files-Silently:: "\.bak$";
Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$";
DPkg "";
DPkg::Pre-Install-Pkgs "";
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt --headers || test $? -ne 10";
DPkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true";
DPkg::Tools "";
DPkg::Tools::Options "";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
DPkg::Post-Invoke "";
DPkg::Post-Invoke:: "if [ -x /usr/bin/debsums ]; then /usr/bin/debsums --generate=nocheck -sp /var/cache/apt/archives; fi";
DPkg::Post-Invoke:: "dtag=/etc/cron.daily/debtags; if test -x ${dtag}; then ${dtag}; fi; true";
DPkg::Post-Invoke:: "if [ -x /usr/sbin/localepurge ] && [ $(ps w -p $PPID | grep -c remove) != 1 ]; then /usr/sbin/localepurge; else exit 0; fi";
DPkg::Post-Invoke:: "dloc=/etc/cron.daily/dlocate; if test -x ${dloc}; then ${dloc}; fi; true";
DSelect "";
DSelect::Clean "auto";
CommandLine "";
CommandLine::AsString "apt-config dump";
-- /etc/apt/preferences --
# /etc/apt/preferences - see apt_preferences(5) for details.
#
# The following priorities apply to the target release, ie, the
# "Default-Release", as specified in "/etc/apt/apt.conf",
#
# 100 : the installed version, if any
# 500 : versions not installed that do not belong to the target release
# 990 : versions not installed that belong to the target release
#
# If the target release has not been specified then APT simply assigns priority
# 100 to all installed package versions and priority 500 to all uninstalled
# package versions.
#
# Priority key table, (subject to APT's rules),
#
# P > 1000 : install this version, even if it is a downgrade.
# 990 < P <= 1000 : install this version, even if it does not come from the
# target-release, unless the installed version is newer.
# 500 < P <= 990 : install this version, unless (there is a version available
# that comes from the target-release, or the installed
# version is newer).
# 100 < P <= 500 : install this version, unless (there is a version available
# from some other distro, or the installed version is newer).
# 0 < P <= 100 : install this version, only if the package is not installed.
# P < 0 : prevents this version from being installed.
#
#
# For distro=squeeze as stable.
Package: *
Pin: release a=stable v=6.0*
Pin-Priority: 410
#
# For distro=wheezy as testing.
Package: *
Pin: release a=testing
Pin-Priority: 400
#
# For distro=sid as unstable.
Package: *
Pin: release a=unstable
Pin-Priority: 300
#
# No longer needed for distro=squeeze-backports and beyond,
# see "http://backports.debian.org/Instructions/" for details.
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
-- /etc/apt/sources.list --
# /etc/apt/source.list - list of package sources for apt.
#
# See sources.list(5) for more information, especially
# Remember that you can only use http, ftp or file URIs
# CDROMs are managed through the apt-cdrom tool, though this may now be okay,
# deb file:///cdrom/ sarge main
# Files are fetched in the order that the URIs are specified, top to bottom.
#
# ----------------------------------------------------------------------
# -- Edited in place by "apt-cdrom add" - do not edit by hand!
# --
# --
# -- Edited in place by "apt-cdrom add" - end of section.
# ----------------------------------------------------------------------
# ==== Built by "apt_gen_asl" shell function using,
#
# stable = squeeze
# testing = testing
# unstable = unstable
# ----------------------------------------------------------------------
# ==== Local Repositories ====
# Kernel images.
#deb file:/home/jsroot/kernel-compile/ ./
# Packages - built from *-src, or removed, or repacked.
deb file:/home/jeff/debian/squeeze/ pkgs-squeeze/
#deb file:/home/jeff/debian/testing/ pkgs-testing/
# ----------------------------------------------------------------------
# ==== Official Debian Repositories ====
#
# The _current_ "stable" release distro.
#
deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free
#deb-src http://ftp.us.debian.org/debian/ squeeze main contrib non-free
deb http://security.debian.org/debian-security/ squeeze/updates main contrib non-free
# The opera "final" release from the Opera Packaging Team <packager@opera.com>.
deb http://deb.opera.com/opera/ squeeze non-free
# Get a head start on the next minor release.
deb http://http.us.debian.org/debian/ squeeze-updates main contrib non-free
deb http://http.us.debian.org/debian/ squeeze-proposed-updates main contrib non-free
# Backports are only relevant for a "testing" release relative to its
# corresponding "stable" release.
deb http://backports.debian.org/debian-backports/ squeeze-backports main contrib non-free
#deb-src http://backports.debian.org/debian-backports/ squeeze-backports main contrib non-free
# The official mozilla "release" as backported by the Debian Mozilla APT team.
deb http://mozilla.debian.net/ squeeze-backports icedove-release
deb http://mozilla.debian.net/ squeeze-backports iceweasel-release
# Note - since we use "backports", rather than "backports-sloppy", it is not a
# problem when the "testing" distro morphs into "stable" at release time.
#
# The _next_ "testing" release distro.
#
#deb http://ftp.us.debian.org/debian/ testing main contrib non-free
#deb-src http://ftp.us.debian.org/debian/ testing main contrib non-free
#deb http://security.debian.org/debian-security/ testing/updates main contrib non-free
# The opera "final" release from the Opera Packaging Team <packager@opera.com>.
#deb http://deb.opera.com/opera/ testing non-free
#
# The _permanent_ "unstable" release distro.
#
#deb http://ftp.us.debian.org/debian/ unstable main contrib non-free
#deb-src http://ftp.us.debian.org/debian/ unstable main contrib non-free
#
# Instead of "ftp.us.debian.org" use "http.us.debian.org" for parallel d/l's.
# ----------------------------------------------------------------------
# ==== Other possible mirrors, these are known to be good... ====
#deb http://debian.mirror.iweb.ca/debian-backports/ distro-backports main contrib non-free
#deb http://debian.mirror.rafal.ca/debian-backports/ distro-backports main contrib non-free
#deb http://debian.cs.binghamton.edu/debian-backports/ distro-backports main contrib non-free
#deb http://mirror.mycre.ws/debian-backports/ distro-backports main contrib non-free
#deb http://backports.debian.org/debian-backports/ distro-backports main contrib non-free
#deb http://volatile.debian.net/debian-volatile/ distro/volatile main contrib non-free
#
#deb http://debian.crosslink.net/debian/ distro main contrib non-free
#deb http://http.us.debian.org/debian/ distro main contrib non-free
#deb http://ftp.us.debian.org/debian/ distro main contrib non-free
#deb http://debian.yorku.ca/debian/ distro main contrib non-free
#deb http://mirror.direct.ca/pub/linux/debian/ distro main contrib non-free
#deb ftp://ftp3.nrc.ca/debian/ distro main contrib non-free
#deb ftp://sunsite.ualberta.ca/debian/ distro main contrib non-free
#deb http://ftp.digex.net/pub/debian/ distro main contrib non-free
# ----------------------------------------------------------------------
# Note - The URI is used to locate the package index file, ie, "Packages"
# for type "deb", and "Sources" for type "deb-src", while the
# "Filename" reference within the "Packages" file is relative to
# the URI.
#
# In the following examples "distro" stands for, eg, "stable",
# "testing", "sid", etc.
#
#deb file:/home/jeff/debian/distro/ pkgs-distro/
# is ".../home/jeff/debian/distro/pkgs-distro/Packages", while the "Filename"
# reference in ".../Packages" is relative to ".../home/jeff/debian/distro/".
#
#deb http://security.debian.org/debian-security/ distro/updates main
# is "...org/debian-security/dists/distro/updates/main/binary-$(ARCH)/Packages",
# while the "Filename" reference in ".../Packages" is relative to
# "...org/debian-security/".
#
#deb-src http://ftp.us.debian.org/debian/ distro main contrib non-free
# is "...org/debian/dists/distro/{main,contrib,non-free}/source/Sources".
#
#deb file:/cdrom/debian/ distro main
# is ".../cdrom/debian/dists/distro/main/binary-$(ARCH)/Packages".
# ----------------------------------------------------------------------
# /etc/apt/sources.list - end of file.
-- System Information:
Debian Release: 6.0.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 3.2.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages apt depends on:
ii debian-archive-keyring 2010.08.28 GnuPG archive keys of the Debian a
ii gnupg 1.4.10-4 GNU privacy guard - a free PGP rep
ii libc6 2.11.3-3 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.4.5-8 GCC support library
ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
apt recommends no packages.
Versions of packages apt suggests:
ii apt-doc 0.8.10.3+squeeze1 Documentation for APT
ii aptitude 0.6.3-3.2+squeeze1 terminal-based package manager (te
ii bzip2 1.0.5-6+squeeze1 high-quality block-sorting file co
ii dpkg-dev 1.16.1.1~bpo60+2 Debian package development tools
ii lzma 4.43-14 Compression method of 7z format in
ii python-apt 0.7.100.1+squeeze1 Python interface to libapt-pkg
-- no debconf information