reassign 35504 debian-policy
retitle 35504 [PROPOSAL] Permissions of /var/log.
severity 35504 wishlist
thanks

Some time ago I asked about permissions of /var/log; it's time to do
something about it.

On Tue, 25 Jan 2000, Wichert Akkerman wrote:

> Previously Santiago Vila wrote:
> > How do we want these files to be?
> >
> > a) All of them should be root.root.
> > b) All of them should be root.adm.
> > c) This should not be covered by policy.
>
> I would say c) and let common sense decide. Generally the idea is:
>
> 1. logfiles which don't contain sensitive data should be readable
>    by everyone. Which group they have doesn't really matter.
> 2. logfiles which contain sensitive data should only be readable by
>    root and admins, and thus be owned by root.adm and mode 640.

Ok, this means root.adm is a better default than root.root.

Therefore I make the following

Proposal: (to be inserted into an appropriate place in the policy docs)
========

The /var/log directory should have permissions 2775 (group-writable and
set-group-id) and be owned by root.adm.

Rationale: root.adm is a better default than root.root.

I am now looking for seconds for this proposal.

Thanks.
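
The rules discussed in this message, written as a check (an added example, not part of the original mail and not Debian tooling): it audits a listing against the proposed 2775 root.adm directory and the two logfile rules from the quoted reply. The `Entry` type, the `sensitive` flag and the sample listing are constructed assumptions.

```python
import stat
from typing import NamedTuple

class Entry(NamedTuple):
    path: str
    mode: int                 # st_mode as returned by os.stat()/os.lstat()
    owner: str
    group: str
    sensitive: bool = False   # assumption: the admin labels which logs are sensitive

def audit(entries):
    """Return (path, problem) pairs for entries that deviate from the thread's rules."""
    findings = []
    for e in entries:
        perms = stat.S_IMODE(e.mode)   # permission bits, including set-group-id
        owned_by_adm = (e.owner, e.group) == ("root", "adm")
        if stat.S_ISDIR(e.mode):
            # Proposal: /var/log is root.adm, mode 2775 (set-group-id, group-writable).
            if not owned_by_adm:
                findings.append((e.path, f"owner {e.owner}.{e.group}, expected root.adm"))
            if perms != 0o2775:
                findings.append((e.path, f"mode {perms:04o}, expected 2775"))
        elif e.sensitive:
            # Rule 2: sensitive logs are root.adm, mode 640.
            if not owned_by_adm:
                findings.append((e.path, f"owner {e.owner}.{e.group}, expected root.adm"))
            if perms != 0o640:
                findings.append((e.path, f"mode {perms:04o}, expected 0640"))
        elif not perms & stat.S_IROTH:
            # Rule 1: non-sensitive logs should be readable by everyone.
            findings.append((e.path, f"mode {perms:04o}, not world-readable"))
    return findings

# Constructed sample listing (not taken from a real system).
SAMPLE = [
    Entry("/var/log", stat.S_IFDIR | 0o755, "root", "root"),
    Entry("/var/log/auth.log", stat.S_IFREG | 0o644, "root", "root", sensitive=True),
    Entry("/var/log/mail.log", stat.S_IFREG | 0o640, "root", "adm", sensitive=True),
    Entry("/var/log/dpkg.log", stat.S_IFREG | 0o644, "root", "root"),
    Entry("/var/log/boot.log", stat.S_IFREG | 0o600, "root", "root"),
]

if __name__ == "__main__":
    for path, problem in audit(SAMPLE):
        print(f"{path}: {problem}")
```

On a live system the `Entry` fields can be filled from `os.lstat()`, `pwd.getpwuid()` and `grp.getgrgid()`.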