Date: Sun, 07 Jul 2019 18:18:16 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 202203] acct(5): accounting, the default rc.conf doesn't match periodic.conf
Message-ID: <bug-202203-227-21I8a2kAse@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-202203-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-202203-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202203

Ian Lepore <ian@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |ian@FreeBSD.org
             Status|New                         |In Progress
                 CC|                            |ian@FreeBSD.org,
                   |                            |wblock@FreeBSD.org

--- Comment #2 from Ian Lepore <ian@FreeBSD.org> ---
r349807 should eliminate the spurious daily error messages. I believe that
leaves two things to fix:

1. The rc.d/accounting script recreates the acct file every day with insecure
   file mode bits (likewise when it creates the /var/account dir).
2. The advice in the handbook has become outdated.

For #1, I've posted a phab review, https://reviews.freebsd.org/D20876

For #2, I propose updating the handbook. I'm not a docs person, so I don't
have a diff for that, but I propose that the new sequence for enabling it be
changed from touch/chmod/accton/sysrc to:

    service accounting enable
    service accounting start

Then a paragraph should be added about file security, something like:

    The accounting information is stored in files located in /var/account,
    which is automatically created, if necessary, the first time the
    accounting service starts. These files contain sensitive information,
    including all the commands issued by all users. Write access to the
    files is limited to root, and read access is limited to root and members
    of the wheel group. To also prevent members of wheel from reading the
    files, change the mode of the /var/account directory to allow access
    only by root.

-- 
You are receiving this mail because:
You are the assignee for the bug.
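
A check for the permissions the proposed handbook paragraph describes, as an added example that is not part of the original message, the phab review, or the FreeBSD rc.d script. The function name `audit_acct_perms` and its arguments are hypothetical; the policy it enforces (owner root, no group write, no access for other) is read from the paragraph above.

```sh
#!/bin/sh
# Added example, not code from the bug report or the FreeBSD tree.
#
# audit_acct_perms [DIR] [OWNER]
#   DIR    directory holding the accounting files (default /var/account)
#   OWNER  expected owner, user name or numeric uid (default root)
#
# Prints DIR and every entry below it that violates the policy described in
# the message: writable only by root, readable only by root and the owning
# group. An entry is reported when it is
#   - group-writable                      (mode bit 020), or
#   - readable/writable/searchable by other (004, 002, 001), or
#   - not owned by OWNER.
# Returns 0 when nothing is reported, 1 when something is, 2 if DIR is missing.
audit_acct_perms() {
    dir=${1:-/var/account}
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "audit_acct_perms: $dir is not a directory" >&2
        return 2
    fi

    # POSIX find only: "-perm -MODE" matches when all bits of MODE are set,
    # so each bit is tested separately and the tests are OR-ed together.
    bad=$(find "$dir" \( -perm -020 -o -perm -004 -o -perm -002 \
                         -o -perm -001 -o ! -user "$owner" \) -print)

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}
```

Run `audit_acct_perms` with no arguments as root on the host; any path it prints is readable or writable by more accounts than the paragraph allows.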