From owner-freebsd-security Mon Jul 27 11:31:34 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA08715 for freebsd-security-outgoing; Mon, 27 Jul 1998 11:31:34 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from shell6.ba.best.com (jkb@shell6.ba.best.com [206.184.139.137]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA08650 for ; Mon, 27 Jul 1998 11:31:14 -0700 (PDT) (envelope-from jkb@best.com) Received: from localhost (jkb@localhost) by shell6.ba.best.com (8.9.0/8.9.0/best.sh) with SMTP id LAA01359; Mon, 27 Jul 1998 11:30:31 -0700 (PDT) X-Authentication-Warning: shell6.ba.best.com: jkb owned process doing -bs Date: Mon, 27 Jul 1998 11:30:30 -0700 (PDT) From: "Jan B. Koum " X-Sender: jkb@shell6.ba.best.com To: Sheldon Hearn cc: security@FreeBSD.ORG Subject: Re: files in /var/log In-Reply-To: <24385.901543204@iafrica.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 27 Jul 1998, Sheldon Hearn wrote: > >On Mon, 27 Jul 1998 03:03:28 MST, "Jan B. Koum " wrote: > >> Also, would it make more sence to ship /var/log/messages o-r by >> default? Why do we want all world to know what goes into our >> /var/log/messages files? > >By the same token, what _don't_ you want your users to see? As a >non-administrative user on several FreeBSD systems, I would be most >disappointed if my read access to maillog and messages were revoked. There are many reasons. With /var/log/maillog it is privacy issues: do you really want everyone on your system to know you sent mail to sales@class-sex-toys.com or that you are exchanging mail with your competitor. With /var/log/messages -- well, there is NOTHING there that average user needs. If you are an admin, you are most likely in the wheel group already and should have read access to /var/log/messages w/o doing su(1). People sometimes might enter their password at the login: prompt -- do you want all your users to read this? Do you want all your users to know other similar information? If so, chmod a+r /var/log/messages on your system. I still think by default we should ship /var/log/* files group read and world nothing. -- Yan > >Of course, if there are files that contain information you feel should >be hidden for reasons relating to system security, that's something you >should say. Perhaps you could explain the background of your query, >particularly what information concerns you? > >Ciao, >Sheldon. > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message