From: Marco Beishuizen
To: freebsd-questions@freebsd.org
Cc: glarkin@freebsd.org
Date: Sat, 13 Sep 2008 02:51:18 +0200
Subject: Re: logcheck doesn't work anymore

On Fri, 12 Sep 2008 18:02:37 -0400 Greg Larkin wrote:

> Hi Marco,
>
> Right you are! In fact, after my initial logcheck commit, someone
> opened a PR stating something very similar to what you noted:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/127255
>
> The submitter's point is that the logcheck user should not be part of
> the wheel group, since that also confers the ability to su to root and
> read many files that should be private.
>
> A patch has been committed very recently to remove the logcheck user
> from the wheel group and change the verbiage in pkg-message:
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-install.in.diff?r1=1.1;r2=1.2
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-message.in.diff?r1=1.1;r2=1.2
>
> Any file that needs to be analyzed by logcheck will now have to be
> readable by the logcheck group instead of the wheel group.
>
> Best regards,
> Greg
> - --
> Greg Larkin

I upgraded to the latest version today and now there is a separate
logcheck group. But logcheck still only works when the logfiles have
permission 644. Most of them had permissions set to 600 but then I get
the same error messages as before.

Or should I change the owner of all logfiles from root to logcheck and
then the permissions back to 600?

Regards,
Marco

-- 
I'd rather just believe that it's done by little elves running around.
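
Added example, not part of the original message or of the logcheck port: a small audit that classifies each log file by whether a dedicated reader group can read it without the file being world-readable. The function names are hypothetical; the only name taken from the thread is the `logcheck` group, passed as the first argument (for instance `sh audit.sh logcheck /var/log/messages`).

```shell
#!/bin/sh
# Added example: audit log file permissions for a dedicated log-reader group.
# Parses `ls -ld` rather than stat(1), whose flags differ on FreeBSD and Linux.

# Print the group that owns FILE (4th field of `ls -ld`).
file_group() {
    ls -ld -- "$1" | awk '{ print $4 }'
}

# Print the symbolic mode string of FILE, e.g. -rw-r-----
file_mode() {
    ls -ld -- "$1" | awk '{ print substr($1, 1, 10) }'
}

# check_log_access GROUP FILE -> prints one verdict:
#   missing         FILE does not exist
#   world-readable  every local user can read it (mode 644 and similar)
#   wrong-group     FILE's group is not GROUP
#   no-group-read   group matches but has no read bit (mode 600 and similar)
#   ok              readable through GROUP, not by everyone
check_log_access() {
    group=$1
    file=$2
    [ -e "$file" ] || { echo missing; return 0; }
    mode=$(file_mode "$file")
    group_r=$(printf '%s' "$mode" | cut -c5)   # group read bit
    other_r=$(printf '%s' "$mode" | cut -c8)   # other read bit
    if [ "$other_r" = r ]; then echo world-readable
    elif [ "$(file_group "$file")" != "$group" ]; then echo wrong-group
    elif [ "$group_r" != r ]; then echo no-group-read
    else echo ok
    fi
}

# audit_logs GROUP FILE... -> one "verdict  path" line per file
audit_logs() {
    group=$1; shift
    for f in "$@"; do
        printf '%-16s %s\n' "$(check_log_access "$group" "$f")" "$f"
    done
}

# Run the audit only when a group and at least one file are given.
if [ $# -ge 2 ]; then audit_logs "$@"; fi
```

A file owned by root with group `logcheck` and mode 640 is reported as `ok`; mode 600 shows up as `no-group-read` and mode 644 as `world-readable`.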