tags 326028 wontfix
thanks

On Thu, Sep 01, 2005 at 05:15:57PM +0700, Jeroen Vermeulen wrote:

> Current logrotate config defines permissions 0664 for /var/log/btmp.
> There is a known problem with sshd making unnecessary problems about
> group permissions on this file, but that aside, isn't this also a bad
> file to make world-readable? From what I understand, it might contain
> passwords that were accidentally typed at username prompts.

The package base-files sets this file up world readable in its postinst
script:

    chown root:utmp /var/run/utmp /var/log/wtmp /var/log/btmp /var/log/lastlog
    chmod 664 /var/run/utmp /var/log/wtmp /var/log/btmp /var/log/lastlog

Since "lastb" is a symlink to "last", and neither is setuid root, this
would have to be a local policy.

If you see Bug#314956, you'll see that ssh has been fixed not to moan.

Your security concern is valid, though. You can delete /var/log/btmp if
you want, and logrotate won't complain. You can edit /etc/logrotate.conf
for your own local policy and the changes can be preserved across
upgrades.

-- 
Paul Martin <[EMAIL PROTECTED]>
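
Added example (not part of the original mail or of the logrotate package): a shell check that reads a logrotate config on stdin and flags a "create" mode that leaves a log world-readable, run on a constructed stanza carrying the 0664 mode quoted above. The function names and the suggested replacement with the "other" bits cleared are assumptions for illustration.

```shell
# create_mode LOGPATH (config on stdin) -> octal mode of its stanza, or nothing
create_mode() {
    awk -v target="$1" '
        /[{][ \t]*$/ {                  # stanza header: paths, then {
            in_stanza = 0
            for (i = 1; i <= NF; i++) if ($i == target) in_stanza = 1
            next
        }
        /^[ \t]*[}]/ { in_stanza = 0; next }
        in_stanza && $1 == "create" && $2 ~ /^[0-7]+$/ { print $2; exit }
    '
}

# world_readable MODE -> succeeds if the "other" read bit (04) is set
world_readable() {
    [ $(( 0$1 & 04 )) -ne 0 ]
}

# without_other MODE -> same mode with all "other" bits cleared
without_other() {
    printf '%04o\n' $(( 0$1 & 07770 ))
}

# Constructed sample config; 0664 is the mode reported in the bug.
sample_conf() {
    cat <<'EOF'
/var/log/wtmp {
    create 0664 root utmp
}
/var/log/btmp {
    create 0664 root utmp
    rotate 1
}
EOF
}

# audit LOGPATH (config on stdin) -> one-line verdict
audit() {
    mode=$(create_mode "$1")
    if [ -z "$mode" ]; then
        echo "$1: no create directive"
    elif world_readable "$mode"; then
        echo "$1: create $mode is world-readable, suggest $(without_other "$mode")"
    else
        echo "$1: create $mode ok"
    fi
}

sample_conf | audit /var/log/btmp
```

On a real system the input would be /etc/logrotate.conf; the mode of the existing file still has to be changed separately, since "create" only applies when logrotate recreates the file.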