* Gerrit Pape:

> On Thu, Nov 02, 2006 at 11:23:02AM +0100, Florian Weimer wrote:
>> From the postinst:
>>
>> adduser --system --home /var/log/git-daemon --no-create-home --ingroup adm
>> gitlog
>>
>> This is wrong. adm group membership is reserved to (human) system
>> administrators.
>
> Okay, where can I read about this?

http://www.debian.org/doc/manuals/reference/ch-tune.en.html#s9.2.3
http://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html#s12.1.12.1

>> What are you trying to accomplish?
>
> I'm afraid, I don't remember anymore, currently I don't see any reason
> for this.

Perhaps you're trying to create the log files in group adm, so that
members of that group can read them? In this case, it's better to
make the directory owned by user gitlog, group adm, with permissions
2750. This way, the adm group is inherited by files created by the
gitlog user.

Or just use syslog.

> I maintain several packages that provide a separated log
> service running under different privileges, since years IIRC, and adding
> the log user to group adm has become common practice for me.
>
> (The packages are bcron-run, bincimap-run, socklog-run, twoftpd-run)

These packages need similar changes, I'm afraid.

Furthermore, you should make a directory to which log files are
written the home directory, just to make sure that some log files are
not treated as dot files for some obscure reason (e.g. if somebody
else controls the name of these files).
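
The layout suggested in the message above can be checked with a short audit script. This is an added example, not part of the original thread or of any of the packages named in it; the function names are hypothetical and GNU `stat` and `find` (as shipped on Debian) are assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Layout suggested in the message,
# created as root; user, group and path are the ones named in the thread:
#   adduser --system --home /var/log/git-daemon --no-create-home gitlog
#   install -d -o gitlog -g adm -m 2750 /var/log/git-daemon

# logdir_mode_ok DIR: true if DIR is a directory with mode exactly 2750
# (setgid so new files inherit the group, no write for group, nothing for others).
logdir_mode_ok() {
    [ -d "$1" ] && [ "$(stat -c %a "$1")" = "2750" ]
}

# user_in_group USER GROUP: true if USER is a member of GROUP.
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$2"
}

# audit_logdir DIR USER GROUP: print findings, return 0 only if all checks pass.
audit_logdir() {
    dir=$1; user=$2; group=$3; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    [ "$(stat -c %U "$dir")" = "$user" ] ||
        { echo "FAIL: $dir is not owned by $user"; rc=1; }
    [ "$(stat -c %G "$dir")" = "$group" ] ||
        { echo "FAIL: $dir is not in group $group"; rc=1; }
    logdir_mode_ok "$dir" ||
        { echo "FAIL: $dir mode is $(stat -c %a "$dir"), expected 2750"; rc=1; }
    # The service account itself must not be a member of the admin group.
    if user_in_group "$user" "$group"; then
        echo "FAIL: $user is a member of $group"; rc=1
    fi
    # The log directory should be the account's home directory.
    home=$(getent passwd "$user" 2>/dev/null | cut -d: -f6)
    [ "$home" = "$dir" ] ||
        { echo "FAIL: home of $user is '$home', expected $dir"; rc=1; }
    # Files already written should carry the inherited group.
    stray=$(find "$dir" -mindepth 1 ! -group "$group" 2>/dev/null | head -n 5)
    [ -z "$stray" ] || { echo "FAIL: not in group $group:"; echo "$stray"; rc=1; }
    return $rc
}
```

Called as `audit_logdir /var/log/git-daemon gitlog adm`, it prints one line per deviation and returns non-zero if any check fails.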