[2019-02-05 17:28] Thorsten Glaser <t.gla...@tarent.de> > > As I understand situation, I favor second option. So question is would > > anybody be unhappy, if initscripts will override manual `chown/chmod' on > > logs, created by initscripts. > > Yes. > > It’s fine to adjust permissions on first install, and 0640 root:adm > are sensible defaults, but to change whatever the local admin then > decides is not acceptable. (I think there’s a policy somewhere for > this, even.)
This is how things are done now. At debian/initscripts.posting:135, if /var/log/dmesg does not exists, it is touched with 640, root:adm, permissions are preserved by `savelog -p'. But if /var/log/dmesg gets removed, on next boot it will be recreated with another default -- 644. I believe, this is how submitter got world-readable /var/log/dmesg. Hence, I refine my proposal -- create /var/log/dmesg as 640 in initscripts, *only* if it does not already exists. Ignore kernel.dmesg_restrict. More objections? -- Note, that I send and fetch email in batch, once every 24 hours. If matter is urgent, try https://t.me/kaction --