Hi Matthew, * Matthew Ruffell <matthew.ruff...@canonical.com> [200812 00:37]: > > Do you happen to know if there was a similar proposal discussed in > > Debian? > > I don't believe this has been discussed in Debian. The only bugs I found was > #570358 and #867747 which are for /var/log/dmesg only. Additionally, I found > https://wiki.debian.org/NewInStretch, which mentions that "The dmesg command > requires superuser privileges."
I'm sure you have seen Ansgar's reply here: https://lists.debian.org/debian-devel/2020/08/msg00121.html > That grants additional rights to the `adm` group that it did not have > before, for example to clear the dmesg buffer: > > $ dmesg --clear > > works after adding `cap_syslog` to the dmesg binary whereas it did not > work before. This makes me want to -NOT- apply these changes in Debian's util-linux. Debian already has the dmesg_restrict change since stretch, so our users already need to use other mechanisms to look at the kernel log messages. Probably using journalctl or tailing the /var/log/syslog file. Re-enabling dmesg for the %adm group does not seem to add value for Debian now, and granting the --clear (and other) permissions seems to be too much. Chris -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
