[Bug 155823] Re: wrong ACL on log file

Jim Cheetham jim at inode.co.nz
Thu Feb 26 22:14:51 UTC 2009


The contents of /var/log/ are not unified as per access permissions,
although many files have group readability for "adm" this is not a
consistent scheme. The dnet client program is running as user "daemon",
and writes its own log file directly, inheriting group 'daemon'
implicitly.

The distributed-net client log is of interest to users keen to see what
their key stats are :-) Given that the policy of the 'adm' group is for
allowing read-only access to log files (see
/usr/share/doc/base-passwd/users-and-groups.txt.gz), I think it would be
reasonable to run the dnetc daemon in the adm group. The primary Ubuntu
user is in the 'adm' group by default.

The /etc/init.d/distributed.net startup script uses su in order to get
the uid change to 'daemon'. This is a bit of a blunt instrument when it
comes to gid control, even when using sg as well. Going to the effort of
a whole new user for this program seems to be a waste of resources
somehow. There's a nicer command 'chpst' in the runit package, but
that's probably not a suitable dependency ... so off the top of my head
I'm not sure how to best suggest a change for the existing init.d
script.

-- 
wrong ACL on log file
https://bugs.launchpad.net/bugs/155823
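The inconsistency described in the message above (log files under /var/log that are not owned by group 'adm' or not group-readable) can be checked with a short audit. This is an added example, not part of the original bug report or of the distributed-net package; the function name `audit_log_group` is hypothetical and GNU `stat` and `find` are assumed.

```shell
#!/bin/sh
# Added example: report log files that do not follow the
# "group GROUP can read" convention discussed in the bug report.
# Assumes GNU coreutils stat (-c) and GNU find (-maxdepth).

# audit_log_group DIR GROUP
# Prints one line per finding for regular files directly under DIR:
#   wrong-group <actual-group> <file>
#   not-group-readable <octal-mode> <file>
audit_log_group() {
    dir=$1
    want=$2
    find "$dir" -maxdepth 1 -type f | sort | while IFS= read -r f; do
        grp=$(stat -c %G "$f")    # owning group name
        mode=$(stat -c %a "$f")   # permission bits in octal, e.g. 640
        if [ "$grp" != "$want" ]; then
            printf 'wrong-group %s %s\n' "$grp" "$f"
        fi
        # 040 is the group-read bit; the leading 0 makes the
        # shell parse the mode as an octal constant.
        if [ $(( 0$mode & 040 )) -eq 0 ]; then
            printf 'not-group-readable %s %s\n' "$mode" "$f"
        fi
    done
}

# Run directly as: sh audit.sh /var/log adm
if [ "$#" -eq 2 ]; then
    audit_log_group "$1" "$2"
fi
```

A file written by a daemon running as user and group 'daemon', as in the report, shows up as a `wrong-group daemon` line when the audit is run with `adm` as the expected group.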