On Tue, 25 Jan 2000, Wichert Akkerman wrote: > Previously Santiago Vila wrote: > > How do we want these files to be? > > > > a) All of them should be root.root. > > b) All of them should be root.adm. > > c) This should not be covered by policy. > > I would say c) and let common sense decide. Generally the idea is: > > 1. logfiles which don't contain sensitive data should be readable > by everyone. Which group they have doesn't really matter. > 2. logfiles which contain sensitive data should only readable by > root and admins, and thus be owned by root.adm and mode 640.
I remember filing a bug about ppp.log, which was readable only by group adm, whereas it ought to be readable by group dip. I think the problem was tied to some sort of conflict because of the use of logrotate or some other logging-facility program. IMO, it should still belong to root.dip -- Jean-Christophe Dubacq
