[ale] Any reason not to open read permissions to /var/log/messages?
Michael H. Warfield
mhw at WittsEnd.com
Tue Apr 8 15:08:23 EDT 2008
On Tue, 2008-04-08 at 14:24 -0400, Jeff Lightner wrote:
> /var/log/messages is currently only read/write for root with no
> permissions for anyone else.
> Other than “none of their business” can anyone tell me any reason not
> to allow DBAs the ability to read the file (i.e. change it to be read
> for group and other)?
There can, occasionally, be sensitive information in there. Just make
sure nothing "security" related is being routed into that file and you
may be OK. Every once in a while the security level will have sensitive
passwords when someone enters a password into a user id field.
I wouldn't open it up to just anyone poking, however. Principle of
minimums. Minimum privs and minimum access. If the DBA's need it,
change to group to a specific group, give it read access and add it to
their accounts as a secondary group. Don't just a+r it.
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20080408/8b80ee62/attachment.bin
More information about the Ale
mailing list