On Tue, 2011-09-27 at 11:35 +0200, Natxo Asenjo wrote: > The standard fai log permissions are too generous: 644 for all the log > files in /var/log/fai/localhost/install-date. If you use debconf to > set passwords, then those passwords are readable to anyone with shell > access. > > Is this issue still in the most recent fai?
While I see how it can be a problem for some use cases, I personally do not have any sensitive information in the logs and find it very convenient to be able to check the logs while being logged on as myself on the FAI server. If any changes are planned in the permissions of the logs, please make it a user-configurable option rather than hard-coding any specific value. Toomas Tamm
