Excerpts from Kees Cook's message of Tue May 24 11:46:48 -0700 2011:
> One unresolved problem is that the local default user (who is part of
> "admin") is also part of the "adm" group, which means these log files are
> visible without additional privileges:
>
> -rw-r----- 1 root adm 25937 2011-05-24 10:59 /var/log/dmesg
> -rw-r----- 1 syslog adm 0 2011-05-24 11:17 /var/log/kern.log
>
> (And some systems have a historically world-readable /var/log/dmesg that
> should be fixed...) Does anyone see any problems in removing the default
> user from the "adm" group? It seems to almost exclusively only be used for
> log file reading permissions...
>
> Thoughts, flames, etc?
+1

I've always been a bit surprised at how much I can see in /var/log when logged into a brand new box as the initial admin user. I think users are accustomed to sudo when debugging issues, and I'm comfortable with saying that reading /var/log/* is just one more thing you need to use sudo for.
