On Fri, Mar 28, 2014 at 10:41:06PM +0100, Axel Beckert wrote: > Hi Frank,, > > Frank Gevaerts wrote: > > /var/log/xen-tools and the files in it are only accessible to root, and > > not to the adm group. This forces people to use root shells more than > > should be necessary. > > Granted. Is there a common way or best practise to get the proper > group for log files?
The adm group seems to be the usual. I can't find a proper (normative) reference of the default groups in debian unfortunately, but the following seem relevant: https://www.debian.org/doc/manuals/debian-reference/ch01.en.html#listofnotablesysupsforfileaccess https://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html#s12.1.12.3 https://www.debian.org/doc/manuals/securing-debian-howto/ch12.en.html#s12.1.12.1 Many packages seem to specify adm directly, e.g. in /etc/logrotate.d/ Frank -- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
