Bug#488365: logrotate: Creates /var/log/{btmp,wtmp} also created by the base-files Essential package

Sat, 28 Jun 2008 03:52:55 -0700 

Package: logrotate
Version: 3.7.1-3
Severity: normal
Tags: patch

Hello,

Context #1 : for privacy reasons, there is some work being done to
allow a Debian system administrator to disable, « the Debian way »,
login records book-keeping, rather than relying on ugly hacks.
This bug report is a first step on the way to make this possible.

Context #2 : the files /var/log/{btmp,wtmp} gather privacy-sensitive
data. According to wtmp’s and lastb’s manpages, the standard way to
disable such logging is to simply delete these files (no program
should ever create them if them does not exist yet). Well.

On a current Lenny system, /var/log/{btmp,wtmp} may be created
automatically on two places :
  - the default /etc/logrotate.conf makes logrotate create them
    monthly if they do not exist yet, with appropriate owner and
    permissions ;
  - the base-files package unconditionally creates/chown/chmod them
    on postinst.

IMHO, this code duplication is a problem :
  - it does not do any good that I can think of ;
  - it increases the risk of incoherence between the two ways
    (permissions, owner) these files are created ;
  - it makes it hard for us to properly offer a sysadmin the
    possibility to disable login book-keeping : it currently requires
    him/her to configure/hack the same thing at two places, and it
    would require us (privacy-related CDD developers) to render the
    same thing easily configurable at two places.

We then have to choose one, and only one, of these places to be
responsible to create (or not) /var/log/{btmp,wtmp}.

As base-files is in Essential, some minimal Debian systems without
logrotate may depend on the fact that these files have been created.
For backward-compatibility reasons, these files should then be created
by base-files, and not by logrotate.

That’s why I’m suggesting to disable the creation of
/var/log/{btmp,wtmp} in the default /etc/logrotate.conf ; the attached
patch to the shipped logrotate.conf does so.

Bye,
--
  intrigeri <[EMAIL PROTECTED]>
  | gnupg key @ http://gaffer.boum.org/intrigeri/intrigeri.asc
  | The impossible just takes a bit longer.

--- logrotate.conf.orig	2008-06-28 12:20:05.546972345 +0200
+++ logrotate.conf	2008-06-28 12:20:20.233619534 +0200
@@ -18,14 +18,14 @@
 /var/log/wtmp {
     missingok
     monthly
-    create 0664 root utmp
+    nocreate
     rotate 1
 }
 
 /var/log/btmp {
     missingok
     monthly
-    create 0664 root utmp
+    nocreate
     rotate 1
 }

Reply via email to