On Wed, Jan 25, 2012 at 12:59, Michael Biebl <mbi...@gmail.com> wrote:
> On 25 January 2012 at 12:00, Kay Sievers <kay.siev...@vrfy.org> wrote:
>> On Wed, Jan 25, 2012 at 11:11, Jan Engelhardt <jeng...@medozas.de> wrote:
>>> On Wednesday 2012-01-25 02:02, Lennart Poettering wrote:
>>
>>>>[v39]
>>>>* If a group "adm" exists, journal files are automatically
>>>>  owned by them
>>>
>>> This sounds like it has the potential that journal files suddenly
>>> become writable by a random user group that has existed previously.
>>
>> The group 'adm' isn't random, is it? It's pretty commonly used for
>> 'system monitoring' users.
>
> In Debian (and derivatives) group "adm" is shipped by the base-passwd
> package, so guaranteed to exist. The relevant documentation reads:
>
> adm
>
>    Group adm is used for system monitoring tasks. Members of this group can
>    read many log files in /var/log, and can use xconsole.
>
>    Historically, /var/log was /usr/adm (and later /var/adm), thus the name of
>    the group.
>
> The log files in /var/log that are created by the syslog daemon, are
> owned by group adm.

That sounds all pretty sane to me, and like something distros should
adopt, if they haven't already.

We did this kind of harmonisation with the udev system groups a few
years back already, and I think just adopting 'adm' makes the most
sense here. Distros who don't want that can patch the sources as
needed.

We should always provide some common default, one that makes the
intention clear to have some sort of "Linux distro default". And any
sensible common pattern that is already in use, we should just adopt.

I don't think caring too much about cases where someone might have put
all the people he did not trust in the group 'adm', is really needed
here. :)

Kay
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel