On 14 Feb 2006, at 08:58, martin f krafft wrote:
also sprach Jamie L. Penman-Smithson <[EMAIL PROTECTED]> [2006.02.13.0042 +0100]:I see no reason why /etc/logcheck should have any more permissions than 0750. Please consider removing access rights from 'other'.Conversely, I don't see much point in being this restrictive?For a fact, some packages install 644 files: [EMAIL PROTECTED]:/etc/logcheck# ls -la ignore.d.server/ntp-server -rw-r--r-- 1 root root 45 Aug 26 10:30 ignore.d.server/ntp-server By making /etc/logcheck 750, those could be protected, and it would be unnecessary to file bugs against all packages installing 644 logcheck files.
However, ignore.d.* is only accessible by root and users in the logcheck group:
drwxr-s--- 2 root logcheck 608 2006-02-06 22:53 ignore.d.paranoid drwxr-s--- 2 root logcheck 2808 2006-02-12 23:56 ignore.d.server drwxr-s--- 2 root logcheck 896 2006-02-10 20:15 ignore.d.workstation It looks to me like they're already protected? -- -Jamie L. Penman-Smithson <[EMAIL PROTECTED]> t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: [EMAIL PROTECTED]
PGP.sig
Description: This is a digitally signed message part
