Bug#870638: systemd: /var/log/btmp has inconsistent permissions

Mark Charter mark at nctr.co.uk
Fri Aug 4 15:48:12 BST 2017


At the moment systemd sets the permissions/ownership on /var/log/btmp
to 0600 root:utmp (in /usr/lib/tmpfiles.d/var.conf).

If all the programs that need to read or write /var/log/btmp are already
running with root privileges, then 0600 seems OK, and ownership might as
well be root:root.

This would require changes to /etc/logrotate.conf (in the logrotate
package) and the post-installation script of the base-files package,
otherwise the permissions on /var/log/btmp may change across reboots
and logfile rotations.

Mark.

Michael Biebl writes:
 > Am 04.08.2017 um 11:27 schrieb Mark Charter:
 > > Michael,
 > > 
 > > Thanks for your reply.
 > > 
 > > /var/log/btmp should not be world readable because a common cause of
 > > login failures is to give password instead of username, which would
 > > result in passwords being world readable.  See Debian bug 341883:
 > > 
 > 
 > Hm, if that is the case that passwords are logged to that file, do we
 > really want to make that file read/writable by group utmp?
 > 
 > The Debian policy [1] only says that /var/log/wtmp,lastlog and
 > /var/run/utmp should be writable by group utmp.
 > 
 > Given that, wouldn't it be a safer default to have 0600 root:root for
 > /var/log/btmp as systemd creates it?
 > 
 > Michael
 > 
 > [1]
 > https://www.debian.org/doc/debian-policy/ch-customized-programs.html#s11.3
 > 
 > x[DELETED ATTACHMENT signature.asc, application/pgp-signature]




More information about the Pkg-systemd-maintainers mailing list