Date: Sat, 8 Jun 2024 11:13:53 -0400
From: D'Arcy Cain <darcy@druid.net>
To: questions@freebsd.org
Subject: Re: Confusing security report
Message-ID: <16a0e80a-27d0-448a-9bc0-d123d95b4a96@druid.net>
In-Reply-To: <si7g6yqkfaylfpd4pbaccxdabx2etlpafjdmxqepvohnceujjl@p4h6tatk25jz>
References: <9381aabf-f95c-4d0e-912a-4aeb36c767bd@druid.net> <si7g6yqkfaylfpd4pbaccxdabx2etlpafjdmxqepvohnceujjl@p4h6tatk25jz>

On 2024-06-08 10:45, lain. wrote:
> On 2024年06月08日 08:41, the silly D'Arcy Cain claimed to have said:
>> On a number of my servers I have the following in the daily security report:
>>
>> Checking login.conf permissions:
>> Bad ownership of /etc/login.conf
>>
>> The thing is that I don't have that file. I create /etc/login.conf.db from
>> a file in my own repository. Would I be OK creating an empty
>> /etc/login.conf just to keep it quiet?
>
> Just curious, but why do you not have a /etc/login.conf file?
> From my understanding, this is one of the mandatory files on any BSD
> system, even if everything is commented out (or the file is blank).
>
> So a simple `touch /etc/login.conf` would silence the report.

I thought I explained that but let me expand. I have a login.conf in my
subversion repository which is checked out on every server in my farm.
At boot time it runs this command:

    cap_mkdb -f /etc/login.conf /Vybe/etc/general/login.conf

So that creates the /etc/login.conf.db. If that db file exists it will
be used regardless of whether /etc/login.conf exists. I thought I could
simply symlink the repo file into /etc but I am pretty sure that would
give me the same ownership warning.

Yah, I will probably just create an empty file for login.conf. Maybe my
rc.local, where I have that cap_mkdb command, can simply do this:

    >/etc/login.conf

-- 
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 788 2246     (DoD#0082)    (eNTP)   |  what's for dinner.
IM: darcy@Vex.Net, VoIP: sip:darcy@druid.net
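
Added example, not part of the original message and not the code behind the daily security report: a small POSIX sh helper that reports a missing /etc/login.conf separately from wrong ownership or loose permissions, so the two conditions discussed in this thread are not confused. The function name `check_conf_file`, its status words, and the default of uid 0 as the expected owner are assumptions made for this illustration.

```shell
#!/bin/sh
# Hypothetical helper (not FreeBSD's periodic script): classify a
# login.conf-style file so "missing" is not reported as "bad ownership".

# check_conf_file PATH [EXPECTED_UID]
# Prints one of: missing, symlink, not-regular, bad-ownership,
# writable-by-others, ok.  Returns 0 only for "ok".
check_conf_file() {
    path=$1
    want_uid=${2:-0}            # assumption: root should own the file

    # -e follows symlinks, so test -L as well to catch a dangling link.
    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        echo missing; return 1
    fi
    # A symlink (for example into a repository checkout) is reported as
    # its own state rather than judged by the link's or target's owner.
    if [ -L "$path" ]; then
        echo symlink; return 1
    fi
    if [ ! -f "$path" ]; then
        echo not-regular; return 1
    fi

    # ls -ln prints the mode string in field 1 and the numeric uid in field 3.
    set -- $(ls -lnd "$path")
    mode=$1
    uid=$3

    if [ "$uid" != "$want_uid" ]; then
        echo bad-ownership; return 1
    fi
    # Mode string positions: 1 type, 2-4 user, 5-7 group, 8-10 other.
    case $mode in
        ?????w*|????????w*) echo writable-by-others; return 1 ;;
    esac
    echo ok
}

# Stand-alone use: check the path given as an argument, or the default.
check_conf_file "${1:-/etc/login.conf}" || true
```
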
