On Tue, 25 Jan 2000, Wichert Akkerman wrote:

> Previously Santiago Vila wrote:
> > How do we want these files to be?
> >
> > a) All of them should be root.root.
> > b) All of them should be root.adm.
> > c) This should not be covered by policy.
>
> I would say c) and let common sense decide. Generally the idea is:
>
> 1. logfiles which don't contain sensitive data should be readable
>    by everyone. Which group they have doesn't really matter.
> 2. logfiles which contain sensitive data should only be readable by
>    root and admins, and thus be owned by root.adm and mode 640.

Makes sense.

I forgot to tell the reason for this question: base-files (don't ask me why, I inherited this from the previous maintainer :-) currently has /var/log as root.adm and set-gid, trying to encourage b), but this has no real effect because other packages containing /var/log have it as root.root, the end result being that /var/log is root.root in the base system (i.e. base2_1.tgz).

What I'm trying to determine (among other things) is whether:

a) Having /var/log as root.adm and set-gid is definitely a good thing.
b) Having /var/log as root.adm and set-gid is definitely a bad thing.

Thanks.

-- 
"3f5e62830c01643d3c68d26997f6b0d3" (a truly random sig)