On 07/17/2013 09:57 AM, Matthew Miller issued this missive:
On Wed, Jul 17, 2013 at 09:44:41AM -0700, Rick Stevens wrote:
The reason the files are, by default, NOT world-readable is simply one
of security. Many programs (if using verbose logging) may expose
security-related items in plaintext in the log files (usernames,
passwords, GPG keys, etc.). Having the files readable by anyone allows
any lurker to find these things very easily. Many programs warn about
this issue in their man pages.
Theeeeretically, such messages should use the authpriv facility and thus be
put into /var/log/secure.
I concur, but many, MANY programs just log to syslogd and that's where
the gotchas come from. To obviate those issues, non-world-readable is
a rather simplistic but somewhat effective "fix".
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- If at first you don't succeed, quit. No sense being a damned fool! -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
