Processing commands for [EMAIL PROTECTED]:
> reassign 35504 base-files
Bug#35504: [PROPOSAL] Permissions of /var/log.
Bug reassigned from package `debian-policy' to `base-files'.
> retitle 35504 /var/log should be 755 and root.root
Bug#35504: [PROPOSAL] Permissions of /var/log.
C
reassign 35504 base-files
retitle 35504 /var/log should be 755 and root.root
severity 35504 fixed
thanks
[ fixed in base-files_2.1.20 ].
I consider this proposal rejected, because there has been a formal
objection and no seconds.
I think I was interpreting Wichert's words too much literally:
>
On Thu, Mar 30, 2000 at 09:21:17PM +0100, Mark Baker wrote:
> > exim for example uses mail.mail for ownership of its log files, but mode
> > 640...
>
> They probably should be group adm, though.
Please change them to adm, then.
--
Digital Electronic Being Intended for Assassination and Nullifi
On Fri, 31 Mar 2000, Wichert Akkerman wrote:
> No, group mail is a valid group for these logfiles (it allows
> listmasters to check the logs for example).
Too many other things are group mail for that to be reasonable, like user
mail boxes for instance. Stuff that is adm is limited to log files
Previously Mark Baker wrote:
> They probably should be group adm, though.
No, group mail is a valid group for these logfiles (it allows
listmasters to check the logs for example).
Wichert.
--
/ Generally uninteresting signatu
On Thu, 30 Mar 2000, Mark Baker wrote:
> They probably should be group adm, though.
I would like that, it is annoying to have to add all the admin people to
all sorts of groups (with unknown other repercussions) just so they can
read logs.
I think group adm should allow the reading of most, if
On Wed, Mar 29, 2000 at 02:41:44PM +0200, Josip Rodin wrote:
> > Files created by root inside /var/log would be root.adm by default, not
> > root.root by default.
>
> I agree, that would be quite useful. Most of the files in there are already
> set up that way, but some aren't, and that makes peo
Previously Herbert Xu wrote:
> This is going to allow adm members to delete/create logfiles, probably not
> what you intended.
And modify even..
Wichert.
--
/ Generally uninteresting signature - ignore at your convenience \
|
Previously [EMAIL PROTECTED] wrote:
> Better yet, read-only access to group adm and no access to world? So
> permissions 275.? Should the /var/log directory be itself be
> viewable/listable by world?
Why? Group adm is only there for sensitive logs (some logs can contain
things like passwords).
Wi
On Wed, Mar 29, 2000 at 01:56:31PM +0200, Santiago Vila wrote:
> > > ---
> > > The /var/log directory should have permissions 2755 (set-group-id)
> > > and be owned by root.adm.
> > > ---
On Wed, 29 Mar 2000, Seth R Arnold wrote:
> * Santiago Vila <[EMAIL PROTECTED]> [000329 01:47]:
> > ---
> > The /var/log directory should have permissions 2755 (set-group-id)
> > and be owned by root.adm.
> > -
On Wed, 29 Mar 2000, Branden Robinson wrote:
> On Tue, Mar 28, 2000 at 12:02:18PM +0200, Santiago Vila wrote:
> > Proposal: (to be inserted into an appropriate place in the policy docs)
> >
> >
> > The /var/log directory should have permissions 2775 (group-writable and
> > set-group-id)
On Tue, Mar 28, 2000 at 12:02:18PM +0200, Santiago Vila wrote:
> Proposal: (to be inserted into an appropriate place in the policy docs)
>
>
> The /var/log directory should have permissions 2775 (group-writable and
> set-group-id) and be owned by root.adm.
>
> Rationale: root.adm is a be
* Santiago Vila <[EMAIL PROTECTED]> [000329 01:47]:
> ---
> The /var/log directory should have permissions 2755 (set-group-id)
> and be owned by root.adm.
> ---
S
On Tue, 28 Mar 2000, Wichert Akkerman wrote:
> Previously Santiago Vila wrote:
> > The /var/log directory should have permissions 2775 (group-writable and
> > set-group-id) and be owned by root.adm.
>
> Why group writeable?
Good question. These are the permissions Bruce Perens gave to the /var/l
>>"Santiago" == Santiago Vila <[EMAIL PROTECTED]> writes:
>> Previously Santiago Vila wrote:
>> > How do we want these files to be?
>> >
>> > a) All of them should be root.root.
>> > b) All of them should be root.adm.
>> > c) This should not be covered by policy.
>>
>> I would say c) and
Better yet, read-only access to group adm and no access to world? So
permissions 275.? Should the /var/log directory be itself be
viewable/listable by world?
On Tue, 28 Mar 2000, Marco d'Itri wrote:
> On Mar 28, Santiago Vila <[EMAIL PROTECTED]> wrote:
>
> >The /var/log directory should have p
On Mar 28, Santiago Vila <[EMAIL PROTECTED]> wrote:
>The /var/log directory should have permissions 2775 (group-writable and
>set-group-id) and be owned by root.adm.
>
>Rationale: root.adm is a better default than root.root.
This isn't a rationale, it's more like a joke.
Please explain the pur
Previously Santiago Vila wrote:
> The /var/log directory should have permissions 2775 (group-writable and
> set-group-id) and be owned by root.adm.
Why group writeable?
Wichert.
--
/ Generally uninteresting signature - ignore
Santiago Vila <[EMAIL PROTECTED]> wrote:
>
> The /var/log directory should have permissions 2775 (group-writable and
> set-group-id) and be owned by root.adm.
This is going to allow adm members to delete/create logfiles, probably not
what you intended.
--
Debian GNU/Linux 2.1 is out! ( http://www
Processing commands for [EMAIL PROTECTED]:
> reassign 35504 debian-policy
Bug#35504: base2_1.tgz: ownership/permissions of /var/log (?).
Bug reassigned from package `base-files' to `debian-policy'.
> retitle 35504 [PROPOSAL] Permissions of /var/log.
Bug#35504: base2_1.tgz: owner
reassign 35504 debian-policy
retitle 35504 [PROPOSAL] Permissions of /var/log.
severity 35504 wishlist
thanks
Some time ago I asked about permissions of /var/log, it's time to do
something about it.
On Tue, 25 Jan 2000, Wichert Akkerman wrote:
> Previously Santiago Vila wrote:
>
On Tue, 25 Jan 2000, Wichert Akkerman wrote:
> Previously Santiago Vila wrote:
> > How do we want these files to be?
> >
> > a) All of them should be root.root.
> > b) All of them should be root.adm.
> > c) This should not be covered by policy.
>
> I would say c) and let common sense decide. Gen
On Tue, 25 Jan 2000, Wichert Akkerman wrote:
> Previously Santiago Vila wrote:
> > How do we want these files to be?
> >
> > a) All of them should be root.root.
> > b) All of them should be root.adm.
> > c) This should not be covered by policy.
>
> I would say c) and let common sense decide. Gen
On Tue, 25 Jan 2000 at 15:59, Santiago Vila wrote about "Permissions of...":
> a) All of them should be root.root.
> b) All of them should be root.adm.
> c) This should not be covered by policy.
I think an equally important question should be the permissions on such
files.
Some files should defi
Previously Santiago Vila wrote:
> How do we want these files to be?
>
> a) All of them should be root.root.
> b) All of them should be root.adm.
> c) This should not be covered by policy.
I would say c) and let common sense decide. Generally the idea is:
1. logfiles which don't contain sensitive
Hello.
Some files in /var/log are root.adm, while some others are root.root.
How do we want these files to be?
a) All of them should be root.root.
b) All of them should be root.adm.
c) This should not be covered by policy.
I would like to hear opinions about this.
Thanks.
--
"cdd7f6f8dfee3a
27 matches
Mail list logo
