Hi On Mon, Feb 08, 2010 at 11:02:49AM +0100, J.M.Roth wrote: > On 2/8/2010 7:54 AM, Ola Lundqvist wrote: > >> /var/log/access.log is writeable by everyone. The following would fix that: > > > > The file or the directory? > > > > My file has the following permission: > > drwxr-xr-x 2 ntop root 89 May 10 2009 . > > drwxr-xr-x 15 root root 4096 Feb 8 01:21 .. > > -rw------- 1 ntop ntop 0 May 10 2009 access.log > > -rw------- 1 ntop ntop 1495082 May 8 2009 access.log.1.gz > > -rw------- 1 ntop ntop 263209 May 6 2009 access.log.2.gz > > -rw------- 1 ntop ntop 50469 Nov 12 2006 access.log.3.gz > > Maybe you did that yourself sometime in the past?
No I do not think so, but it was not a fresh install. > After installation (not upgrade) on two independent Lenny systems: > - aptitude install ntop > - ntop -A > - /etc/init.d/ntop start > my log directory looks like this: > > drwxr-xr-x 2 ntop root 4096 2010-01-27 11:18 . > drwxr-xr-x 12 root root 4096 2010-01-27 11:17 .. > -rw-rw-rw- 1 root root 0 2010-01-27 11:18 access.log Not good. However I do not think postinst is good enough. We must change the umask instead so that it is created correctly. > >> + chown -Rf $USER: /var/log/ntop > > > > Why changing this? Why the ':' character? > > To make the group of the directory the primary group of the user (i.e. > ntop) we just chowned to. Ok, thanks. Did not know about that syntax. > >> +# content of log dir inherits group permission > >> +chmod g+s,o= /var/log/ntop > > > > Why do you want to inherit the root group permissions? > > Because the files need to be writeable to ntop. > After the above, files will belong to group ntop (like the directory). > So ntop will be able to access (read/write) them. Ok. I see. I'll see if I can find the place where the file is created so we can have proper permissions at that time. Best regards, // Ola > JM > > > -- --------------------- Ola Lundqvist --------------------------- / o...@debian.org Annebergsslingan 37 \ | o...@inguza.com 654 65 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --------------------------------------------------------------- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
