At the moment systemd sets the permissions/ownership on /var/log/btmp to 0600 root:utmp (in /usr/lib/tmpfiles.d/var.conf).
If all the programs that need to read or write /var/log/btmp are already running with root privileges, then 0600 seems OK, and ownership might as well be root:root. This would require changes to /etc/logrotate.conf (in the logrotate package) and the post-installation script of the base-files package, otherwise the permissions on /var/log/btmp may change across reboots and logfile rotations. Mark. Michael Biebl writes: > Am 04.08.2017 um 11:27 schrieb Mark Charter: > > Michael, > > > > Thanks for your reply. > > > > /var/log/btmp should not be world readable because a common cause of > > login failures is to give password instead of username, which would > > result in passwords being world readable. See Debian bug 341883: > > > > Hm, if that is the case that passwords are logged to that file, do we > really want to make that file read/writable by group utmp? > > The Debian policy [1] only says that /var/log/wtmp,lastlog and > /var/run/utmp should be writable by group utmp. > > Given that, wouldn't it be a safer default to have 0600 root:root for > /var/log/btmp as systemd creates it? > > Michael > > [1] > https://www.debian.org/doc/debian-policy/ch-customized-programs.html#s11.3 > > x[DELETED ATTACHMENT signature.asc, application/pgp-signature] _______________________________________________ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
