Hi,

I maintain the Lire package, which processes log files from e.g. sendmail, bind, apache, boa and lots of other services. I don't want to run any Lire processes as root. However, of course, the processes need read access to log files.

Unfortunately, there seems to be no rule or policy on how access permissions for log files should be. Wouldn't it be nice if all non-public log files were owned by group `adm', and group-readable? (World readability for public log files is fine too, of course.) Currently, this is the case for quite a lot of commonly found log files.
(A short investigation shows some exceptions: in order to read exim's logs, one needs to be in the `mail' group. For squid this is the `proxy' group.)

I've reread the "exploring debian's users and groups" discussion on http://lists.debian.org/debian-devel/2001/debian-devel-200108/msg00272.html ; although similar issues were raised, no conclusion seems to have been reached on this specific subject (other than "adm is to read logs"). See also http://bugs.debian.org/153812 .

In the current situation, I can't automatically configure my package to get read access for all supported logs without running it as root :(

Bye,

Joost

--
Joost van Baal
http://mdcc.cx/
http://logreport.org/