Date: Sat, 13 Sep 2008 02:51:18 +0200 From: Marco Beishuizen <mbeis@xs4all.nl> To: freebsd-questions@freebsd.org Cc: glarkin@freebsd.org Subject: Re: logcheck doesn't work anymore Message-ID: <20080913025118.4d406f32@yokozuna.lan> In-Reply-To: <48CAE6FD.4020001@FreeBSD.org> References: <20080908222921.4daba36a@yokozuna.lan> <48C59453.3090604@FreeBSD.org> <20080912183357.49250e47@yokozuna.lan> <48CAE6FD.4020001@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 12 Sep 2008 18:02:37 -0400 Greg Larkin <glarkin@freebsd.org> wrote: > Hi Marco, > > Right you are! In fact, after my initial logcheck commit, someone > opened a PR stating something very similar to what you noted: > http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/127255 > > The submitter's point is that the logcheck user should not be part of > the wheel group, since that also confers the ability to su to root and > read many files that should be private. > > A patch has been committed very recently to remove the logcheck user > from the wheel group and change the verbiage in pkg-message: > http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-install.in.diff?r1=1.1;r2=1.2 > http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-message.in.diff?r1=1.1;r2=1.2 > > Any file that needs to be analyzed by logcheck will now have to be > readable by the logcheck group instead of the wheel group. > > Best regards, > Greg > - -- > Greg Larkin I upgraded to the latest version today and now there is a separate logcheck group. But logcheck still only works when the logfiles have permission 644. Most of them had permissions set to 600 but then I get the same error messages as before. Or should I change the owner of all logfiles from root to logcheck and then the permissions back to 600? Regards, Marco -- I'd rather just believe that it's done by little elves running around.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080913025118.4d406f32>