Hi On Mon, Feb 08, 2010 at 11:24:52PM +0100, J.M.Roth wrote: > On 2/8/2010 11:13 PM, Ola Lundqvist wrote: > >> drwxr-xr-x 2 ntop root 4096 2010-01-27 11:18 . > >> drwxr-xr-x 12 root root 4096 2010-01-27 11:17 .. > >> -rw-rw-rw- 1 root root 0 2010-01-27 11:18 access.log > > > > Not good. However I do not think postinst is good enough. We must change > > the umask instead so that it is created correctly. > > But umask would just change permissions like chmod. > Even when others could no longer read/write to the file due to changes > to the umask, the ntop user also wouldn't be able to anymore. More can't > be accomplished by playing with the umask.
Yes, but what happens in the following case: 1) Someone install the package 2) Run ntop (log created) 3) Clean log files 4) Run ntop again (with -A) Now logfiles are there still with writeable access log. Your solution only works on upgrade (or did I completely misunderstood you?) > > I'll see if I can find the place where the file is created so we can > > have proper permissions at that time. > > AFAICS the file is created by ntop at runtime if it is not there before. > It is thus given the permissions by the operating system. > Therefore I had "tuned" the directory permissions. Yes, but the permissions is given by the operating system based on the umask of the running program. That is why the usmask must be changed as well. > JM > > PS. Maybe it works fine at a second glance because logrotate correctly > uses "create 640 ntop adm", however the initial install is not fine. Ok. That was good to know. But initial is not good just as you points out. Best regards, // Ola -- --------------------- Ola Lundqvist --------------------------- / o...@debian.org Annebergsslingan 37 \ | o...@inguza.com 654 65 KARLSTAD | | http://inguza.com/ +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --------------------------------------------------------------- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
