On 2/9/2010 8:45 AM, Ola Lundqvist wrote: > On Mon, Feb 08, 2010 at 11:24:52PM +0100, J.M.Roth wrote: >> On 2/8/2010 11:13 PM, Ola Lundqvist wrote: >>>> drwxr-xr-x 2 ntop root 4096 2010-01-27 11:18 . >>>> drwxr-xr-x 12 root root 4096 2010-01-27 11:17 .. >>>> -rw-rw-rw- 1 root root 0 2010-01-27 11:18 access.log >>> >>> Not good. However I do not think postinst is good enough. We must change >>> the umask instead so that it is created correctly. >> >> But umask would just change permissions like chmod. >> Even when others could no longer read/write to the file due to changes >> to the umask, the ntop user also wouldn't be able to anymore. More can't >> be accomplished by playing with the umask. > > Yes, but what happens in the following case: > 1) Someone install the package > 2) Run ntop (log created) > 3) Clean log files > 4) Run ntop again (with -A) > > Now logfiles are there still with writeable access log. > > Your solution only works on upgrade (or did I completely misunderstood you?)
When setting the correct permissions (u=rx,g=rxs,o= with ownership ntop:ntop) on the directory, the permissions will always be ok: - the directory will not be accessible by anyone else than ntop, - the contained files will have appropriate rights to be read/written by ntop. (I dislike the fact that they still are o=rw, but that doesn't matter in that case) If you remove the directory altogether, ntop will no longer start: "Starting network top daemon: ERR: logging directory /var/log/ntop does not exist will not start network top daemon!" I'm not sure what happens on an upgrade. Is postinst run on upgrade? If it is, then permissions would be correct afterwards. JM -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
