From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 202203] acct(5): accounting, the default rc.conf doesn't match periodic.conf
Date: Sun, 07 Jul 2019 18:18:16 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202203

Ian Lepore changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|bugs@FreeBSD.org            |ian@FreeBSD.org
             Status|New                         |In Progress
                 CC|                            |ian@FreeBSD.org,
                   |                            |wblock@FreeBSD.org

--- Comment #2 from Ian Lepore ---
r349807 should eliminate the spurious daily error messages. I believe that
leaves two things to fix:

1. the rc.d/accounting script recreates the acct file every day with insecure
file mode bits (likewise when it creates the /var/account dir).

2. The advice in the handbook has become outdated.

For #1, I've posted a phab review, https://reviews.freebsd.org/D20876

For #2, I propose updating the handbook. I'm not a docs person, so I don't
have a diff for that, but I propose that the new sequence for enabling it be
changed from touch/chmod/accton/sysrc to:

    service accounting enable
    service accounting start

Then a paragraph should be added about file security, something like:

The accounting information is stored in files located in /var/account, which
is automatically created, if necessary, the first time the accounting service
starts. These files contain sensitive information, including all the commands
issued by all users. Write access to the files is limited to root, and read
access is limited to root and members of the wheel group. To also prevent
members of wheel from reading the files, change the mode of the /var/account
directory to allow access only by root.

-- 
You are receiving this mail because:
You are the assignee for the bug.
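
The access policy in the proposed handbook paragraph can be verified on a running system with a short check. This is an added example, not part of the original message or of FreeBSD's rc.d/accounting; the function name `audit_acct_dir`, its OWNER argument and the `strict` switch are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not FreeBSD's rc.d/accounting code). DIR, OWNER and the
# "strict" switch are parameters of this sketch.
#
# audit_acct_dir DIR [OWNER] [strict]
#   default: flag entries not owned by OWNER, writable by the group, or
#            with any permission bit set for "other"
#   strict : also flag DIR itself if it grants the group any access
#            (the "allow access only by root" variant)
# Prints one line per finding. Returns 0 clean, 1 findings, 2 cannot audit.
audit_acct_dir() (
    dir=$1
    owner=${2:-root}
    level=${3:-default}
    rc=0

    [ -d "$dir" ] || { echo "audit: $dir: not a directory" >&2; exit 2; }

    # Every entry: expected owner, no group write, nothing for "other".
    out=$(find "$dir" \( ! -user "$owner" -o -perm -0020 \
        -o -perm -0004 -o -perm -0002 -o -perm -0001 \) \
        -exec echo "owner/mode:" {} \;) || exit 2
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        rc=1
    fi

    if [ "$level" = strict ]; then
        # -prune keeps find on DIR itself. With no group bits on the
        # directory, group members cannot reach the files inside it,
        # whatever the mode of the files themselves.
        out=$(find "$dir" -prune \( -perm -0040 -o -perm -0020 \
            -o -perm -0010 \) -exec echo "group-access:" {} \;) || exit 2
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            rc=1
        fi
    fi

    exit "$rc"
)
```

On a FreeBSD host this would be called as `audit_acct_dir /var/account`, or with `root strict` as the second and third arguments after restricting the directory to root.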