On Thu, Mar 30, 2000 at 09:21:17PM +0100, Mark Baker wrote:
> > exim for example uses mail.mail for ownership of its log files, but mode
> > 640...
>
> They probably should be group adm, though.
Please change them to adm, then.
--
Digital Electronic Being Intended for Assassination and Nullifi
On Fri, 31 Mar 2000, Wichert Akkerman wrote:
> No, group mail is a valid group for these logfiles (it allows
> listmasters to check the logs for example).
Too many other things are group mail for that to be reasonable, like user
mail boxes for instance. Stuff that is adm is limited to log files
Previously Mark Baker wrote:
> They probably should be group adm, though.
No, group mail is a valid group for these logfiles (it allows
listmasters to check the logs for example).
Wichert.
--
/ Generally uninteresting signatu
On Thu, 30 Mar 2000, Mark Baker wrote:
> They probably should be group adm, though.
I would like that, it is annoying to have to add all the admin people to
all sorts of groups (with unknown other repercussions) just so they can
read logs.
I think group adm should allow the reading of most, if
On Wed, Mar 29, 2000 at 02:41:44PM +0200, Josip Rodin wrote:
> > Files created by root inside /var/log would be root.adm by default, not
> > root.root by default.
>
> I agree, that would be quite useful. Most of the files in there are already
> set up that way, but some aren't, and that makes peo
Previously Herbert Xu wrote:
> This is going to allow adm members to delete/create logfiles, probably not
> what you intended.
And modify even..
Wichert.
--
/ Generally uninteresting signature - ignore at your convenience \
|
Previously [EMAIL PROTECTED] wrote:
> Better yet, read-only access to group adm and no access to world? So
> permissions 275.? Should the /var/log directory be itself be
> viewable/listable by world?
Why? Group adm is only there for sensitive logs (some logs can contain
things like passwords).
Wi
On Wed, Mar 29, 2000 at 01:56:31PM +0200, Santiago Vila wrote:
> > > ---
> > > The /var/log directory should have permissions 2755 (set-group-id)
> > > and be owned by root.adm.
> > > ---
On Wed, 29 Mar 2000, Seth R Arnold wrote:
> * Santiago Vila <[EMAIL PROTECTED]> [000329 01:47]:
> > ---
> > The /var/log directory should have permissions 2755 (set-group-id)
> > and be owned by root.adm.
> > -
On Wed, 29 Mar 2000, Branden Robinson wrote:
> On Tue, Mar 28, 2000 at 12:02:18PM +0200, Santiago Vila wrote:
> > Proposal: (to be inserted into an appropriate place in the policy docs)
> >
> >
> > The /var/log directory should have permissions 2775 (group-writable and
> > set-group-id)
On Tue, Mar 28, 2000 at 12:02:18PM +0200, Santiago Vila wrote:
> Proposal: (to be inserted into an appropriate place in the policy docs)
>
>
> The /var/log directory should have permissions 2775 (group-writable and
> set-group-id) and be owned by root.adm.
>
> Rationale: root.adm is a be
* Santiago Vila <[EMAIL PROTECTED]> [000329 01:47]:
> ---
> The /var/log directory should have permissions 2755 (set-group-id)
> and be owned by root.adm.
> ---
S
On Tue, 28 Mar 2000, Wichert Akkerman wrote:
> Previously Santiago Vila wrote:
> > The /var/log directory should have permissions 2775 (group-writable and
> > set-group-id) and be owned by root.adm.
>
> Why group writeable?
Good question. These are the permissions Bruce Perens gave to the /var/l
>>"Santiago" == Santiago Vila <[EMAIL PROTECTED]> writes:
>> Previously Santiago Vila wrote:
>> > How do we want these files to be?
>> >
>> > a) All of them should be root.root.
>> > b) All of them should be root.adm.
>> > c) This should not be covered by policy.
>>
>> I would say c) and
Santiago Vila <[EMAIL PROTECTED]> wrote:
>
> The /var/log directory should have permissions 2775 (group-writable and
> set-group-id) and be owned by root.adm.
This is going to allow adm members to delete/create logfiles, probably not
what you intended.
--
Debian GNU/Linux 2.1 is out! ( http://www
15 matches
Mail list logo
