Date: Mon, 13 Jan 1997 23:26:52 -0800 From: "Jordan K. Hubbard" <jkh@time.cdrom.com> To: hackers@freebsd.org Subject: Default accounting file permissions. Message-ID: <22178.853226812@time.cdrom.com>
next in thread | raw e-mail | index | archive | help
In /etc/rc, we have the following behavior if accounting=YES in /etc/sysconfig:
if [ "X${accounting}" = X"YES" -a -d /var/account ]; then
echo 'turning on accounting'
if [ ! -e /var/account/acct ]; then
touch /var/account/acct
fi
accton /var/account/acct
fi
If there's no /var/account/acct file, it creates one with the standard
umask by touching it and I think that this is bad. Would not:
if [ ! -e /var/account/acct ]; then
touch /var/account/acct && chmod 600 /var/account/acct
fi
Be safer, or would this break something? I don't think that Joe User
should be able to see what root (or anyone else) is up to.
If no one can point out how this might be bad, I'll make the change.
Jordan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?22178.853226812>