Log files which can potentially contain sensitive data should usually be <system_user>:adm 640; the group "adm" purpose is that members can read system log files. For "harmless" log files they can be root:root (or from a system user if the daemon is not running as root) and 644.
It would be good if cups could stick to that as well, i. e. either use root:adm 640 or 644; as print jobs and information about them might potentially be sensitive, the former seems better? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1268011 Title: Inconsistent ownership/permissions of error_log in CUPS Status in “cups” package in Ubuntu: New Bug description: Package CUPS 1.7.1 in Ubuntu has a patch that changes ownership of all log files to root:adm. At the same time, cups-daemon.logrotate changes ownership to root:lpadmin, permissions 640 daily. At the same time, CUPS itself sets its log files by default to 644. Please make it a bit more consistent by default? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1268011/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
