On Sun, 11 May 2008, [EMAIL PROTECTED] wrote: > Please make all and create new /var/log/dpkg.log* in 644 mode. > I see no reason for not letting users see what is going on. > The can do dpkg -l anyway, and the only files not readable by the user > in e.g., /var/lib/dpkg/ are some 0 byte lock files too.
Why should this log file be treated differently? If the user is part of the adm group, he can see the logs, otherwise he can't. On the other hand, I don't see any obvious security concern by giving read rights to this file except maybe for attacks that involve some precise timing wrt dpkg operations. I don't know if that's enough to warrant the restricted rights. Cheers, -- Raphaël Hertzog Le best-seller français mis à jour pour Debian Etch : http://www.ouaza.com/livre/admin-debian/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
