Date:      Sun, 07 Jul 2019 18:18:16 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 202203] acct(5): accounting, the default rc.conf doesn't match periodic.conf
Message-ID:  <bug-202203-227-21I8a2kAse@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-202203-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-202203-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202203

Ian Lepore <ian@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |ian@FreeBSD.org
             Status|New                         |In Progress
                 CC|                            |ian@FreeBSD.org,
                   |                            |wblock@FreeBSD.org

--- Comment #2 from Ian Lepore <ian@FreeBSD.org> ---
r349807 should eliminate the spurious daily error messages.  I believe that
leaves two things to fix:

 1. the rc.d/accounting script recreates the acct file every day with insecure
file mode bits (likewise when it creates the /var/account dir).

 2. The advice in the handbook has become outdated.


For #1, I've posted a phab review, https://reviews.freebsd.org/D20876


For #2, I propose updating the handbook.  I'm not a docs person, so I don't
have a diff for that, but I propose that the new sequence for enabling it be
changed from touch/chmod/accton/sysrc to:

   service accounting enable
   service accounting start

Then a paragraph should be added about file security, something like:

The accounting information is stored in files located in /var/account, which is
automatically created, if necessary, the first time the accounting service
starts.  These files contain sensitive information, including all the commands
issued by all users.  Write access to the files is limited to root, and read
access is limited to root and members of the wheel group.  To also prevent
members of wheel from reading the files, change the mode of the /var/account
directory to allow access only by root.

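A permission audit for the policy in the proposed handbook paragraph above, as an added example that is not part of the original message or of the FreeBSD rc.d script. The function names, the owner argument and the `strict` argument are assumptions made for illustration; only the /var/account path comes from the message.

```shell
#!/bin/sh
# Added example: audit an accounting directory against the stated policy.
#   default : write access for the owner only, no access at all for "other"
#   strict  : additionally, no group access on the directory itself
#             (the "also prevent members of wheel" variant)
# Only POSIX find(1) tests are used, so this runs on FreeBSD sh and on Linux.

# acct_perm_findings [dir] [owner] [strict]
# Prints one line per problem found; prints nothing when the tree is clean.
acct_perm_findings() {
    dir=${1:-/var/account}      # path named in the message
    owner=${2:-root}            # assumption: everything should belong to root
    mode=${3:-}
    if [ ! -d "$dir" ]; then
        echo "missing-directory: $dir"
        return 0
    fi
    # Any read, write or execute bit for "other" exposes the command history.
    find "$dir" \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
        sed 's/^/world-accessible: /'
    # Group members may read in the default policy, but never write.
    find "$dir" -perm -020 -print | sed 's/^/group-writable: /'
    # Files owned by someone else can be rewritten by that user.
    find "$dir" ! -user "$owner" -print | sed 's/^/wrong-owner: /'
    if [ "$mode" = "strict" ]; then
        # -prune keeps find on the directory itself instead of descending.
        find "$dir" -prune \( -perm -040 -o -perm -020 -o -perm -010 \) -print |
            sed 's/^/group-accessible-dir: /'
    fi
    return 0
}

# acct_perm_ok [dir] [owner] [strict]
# Returns 0 when clean, 1 otherwise; findings go to stderr.
acct_perm_ok() {
    findings=$(acct_perm_findings "$@")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" >&2
        return 1
    fi
    return 0
}

# Typical use from a periodic or monitoring job:
#   acct_perm_ok /var/account root || echo "accounting files are exposed"
```

Because the message notes that the acct file is recreated every day, a check like this is most useful when it runs after the daily rotation rather than once at setup.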