On 04.08.2017 at 11:27, Mark Charter wrote:
> Michael,
> 
> Thanks for your reply.
> 
> /var/log/btmp should not be world readable because a common cause of
> login failures is to give password instead of username, which would
> result in passwords being world readable.  See Debian bug 341883:
> 

Hm, if that is the case that passwords are logged to that file, do we
really want to make that file read/writable by group utmp?

The Debian policy [1] only says that /var/log/wtmp,lastlog and
/var/run/utmp should be writable by group utmp.

Given that, wouldn't it be a safer default to have 0600 root:root for
/var/log/btmp as systemd creates it?

Michael

[1]
https://www.debian.org/doc/debian-policy/ch-customized-programs.html#s11.3
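
The permission question raised in this message can be checked on a running system. The script below is an added example, not part of the original e-mail or of the systemd or Debian packaging; the function names are hypothetical and it assumes GNU `stat` (coreutils), as shipped on Debian.

```shell
#!/bin/sh
# Added example: classify who can access a login-failure log by its mode bits.
# Assumption: GNU stat (coreutils) is available, as on Debian.

# Print one of: missing | world-access | group-access | owner-only
classify_log_mode() {
    [ -e "$1" ] || { echo missing; return 0; }
    mode=$(stat -c '%a' "$1") || return 2
    perm=$((0$mode))                 # leading 0 makes the shell parse it as octal
    if [ $((perm & 07)) -ne 0 ]; then
        echo world-access            # any "other" bit set, e.g. 0664
    elif [ $((perm & 070)) -ne 0 ]; then
        echo group-access            # e.g. 0660 with group utmp
    else
        echo owner-only              # e.g. 0600, the default asked about above
    fi
}

# Report mode, owner and group next to the verdict for one file.
report_log_mode() {
    verdict=$(classify_log_mode "$1") || return 2
    if [ "$verdict" = missing ]; then
        echo "$1: missing"
    else
        echo "$1: $(stat -c '%a %U:%G' "$1") -> $verdict"
    fi
    # Non-zero exit only for the case the thread describes as unsafe.
    [ "$verdict" != world-access ]
}

report_log_mode "${1:-/var/log/btmp}" || echo "accessible to all users: tighten the mode"
```

A `group-access` verdict is reported but not treated as a failure, since whether group utmp should have access is the open question in this thread.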

_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
