From owner-freebsd-hackers  Mon Jan 13 23:26:59 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id XAA26060
          for hackers-outgoing; Mon, 13 Jan 1997 23:26:59 -0800 (PST)
Received: from time.cdrom.com (time.cdrom.com [204.216.27.226])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id XAA26053
          for <hackers@freebsd.org>; Mon, 13 Jan 1997 23:26:54 -0800 (PST)
Received: from time.cdrom.com (localhost [127.0.0.1]) by time.cdrom.com (8.8.4/8.6.9) with ESMTP id XAA22182 for <hackers@freebsd.org>; Mon, 13 Jan 1997 23:26:52 -0800 (PST)
To: hackers@freebsd.org
Subject: Default accounting file permissions.
Date: Mon, 13 Jan 1997 23:26:52 -0800
Message-ID: <22178.853226812@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In /etc/rc, we have the following behavior if accounting=YES in /etc/sysconfig:

if [ "X${accounting}" = X"YES" -a -d /var/account ]; then
        echo 'turning on accounting'
        if [ ! -e /var/account/acct ]; then
                touch /var/account/acct
        fi
        accton /var/account/acct
fi

If there's no /var/account/acct file, it creates one with the standard
umask by touching it and I think that this is bad.  Would not:

        if [ ! -e /var/account/acct ]; then
                touch /var/account/acct && chmod 600 /var/account/acct
        fi

Be safer, or would this break something?  I don't think that Joe User
should be able to see what root (or anyone else) is up to.

If no one can point out how this might be bad, I'll make the change.

						Jordan