On 07/17/2013 06:59 AM, Timothy Murphy issued this missive:
I'm tired of saying "sudo less /var/log/maillog" or "messages". Is there any non-paranoiac reason for not making /var/log/ files readable say by wheel?
The consensus seems to be that it's OK to change the permissions and I agree. Making the files world-readable should be possible except in some extreme cases. The reason the files are, by default, NOT world-readable is simply one of security. Many programs (if using verbose logging) may expose security-related items in plaintext in the log files (usernames, passwords, GPG keys, etc.). Having the files readable by anyone allows any lurker to find these things very easily. Many programs warn about this issue in their man pages. For example, using "wget http://username:password@xxxxxxxxxxxx"; or "wget --user=user --password=password http://somesite.com"; may log that to a logger program (e.g. if you have bash logging enabled) and the credentials are blatantly obvious in a "ps" listing. That's just my opinion. But then again, I run a PCI-compliant shop. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - "The bogosity meter just pegged." - ---------------------------------------------------------------------- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
