On Tue, 28 Mar 2000, Wichert Akkerman wrote:

> Previously Santiago Vila wrote:
> > The /var/log directory should have permissions 2775 (group-writable and
> > set-group-id) and be owned by root.adm.
> Why group writeable?

Good question. These are the permissions Bruce Perens gave to the /var/log
directory a long time ago, and there is a similar policy for the
/usr/local directory, so I based my first draft on this.

Anyway, since noone think it is a good idea, I withdrawn the
group-writable part. I modify my proposal to this:

The /var/log directory should have permissions 2755 (set-group-id)
and be owned by root.adm.

Rationale: If group of logfiles which don't contain sensitive data does
not matter and logfiles which contain sensitive data should be owned by
root.adm, then root.adm is a better default than root.root.

Manoj wrote:
> What are your arguments for not letting the maintainer decide this on
> their own?

This policy will still let the maintainer to decide this on their own.

I am still looking for seconds for this modified proposal. If you think
this policy is harmful, please object and I'll drop it entirely.


 "624683a2cc2372410330d8e82fa3ee07" (a truly random sig)

Reply via email to