author | Lennart Poettering <lennart@poettering.net> | 2017-10-04 21:44:29 +0200 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-10-04 21:44:29 +0200 |
commit | f6e64b78ccab6554f7c5f04daffaa9f30b2ccb20 (patch) | |
tree | 83e510d727bf57fa13fdfc03d2d4b792a12d317f | |
parent | dynamic-user: don't use a UID that currently owns IPC objects (#6962) (diff) | |
download | systemd-f6e64b78ccab6554f7c5f04daffaa9f30b2ccb20.tar.xz systemd-f6e64b78ccab6554f7c5f04daffaa9f30b2ccb20.zip |
tmpfiles: change btmp mode 0600 → 0660 (#6997)
As discussed in #6994.
Fixes: #6994
-rw-r--r-- | NEWS | 9 | ||||
-rw-r--r-- | tmpfiles.d/var.conf.m4 | 2 |
2 files changed, 10 insertions, 1 deletions
@@ -193,6 +193,15 @@ CHANGES WITH 235: * .timer units now accept calendar specifications in other timezones than UTC or the local timezone. + * The tmpfiles snippet var.conf has been changed to create + /var/log/btmp with access mode 0660 instead of 0600. It has been + owned by the "utmp" group already, and it appears to be generally + understood that members of "utmp" can modify/flush the + utmp/wtmp/lastlog/btmp databases. Previously this was implemented + correctly for all these database excepts btmp, which has been opened + up like this now too. Note that while the other databases are + world-readable (i.e. 0644), btmp is not and remains more restrictive. + Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar Burchardt, b1tninja, bengal, Benjamin Berg, Benjamin Robin, Charles diff --git a/tmpfiles.d/var.conf.m4 b/tmpfiles.d/var.conf.m4 index 380c717ba6..0e2c50966d 100644 --- a/tmpfiles.d/var.conf.m4 +++ b/tmpfiles.d/var.conf.m4 @@ -14,7 +14,7 @@ L /var/run - - - - ../run d /var/log 0755 - - - m4_ifdef(`ENABLE_UTMP', f /var/log/wtmp 0664 root utmp - -f /var/log/btmp 0600 root utmp - +f /var/log/btmp 0660 root utmp - f /var/log/lastlog 0664 root utmp - )m4_dnl |
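Review bot: In the added NEWS paragraph, "for all these database excepts btmp" should read "for all these databases except btmp". The paragraph also justifies the change only by saying members of "utmp" can modify/flush the databases, but mode 0660 gives the group read access as well as write access. Since the entry already stresses that btmp is not world-readable, it should state explicitly that members of "utmp" can now read /var/log/btmp too, so administrators know to review who is in that group.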
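Review bot: In the tmpfiles.d/var.conf.m4 hunk, the changed line "f /var/log/btmp 0660 root utmp -" now sits between two 0664 entries (wtmp and lastlog) and differs from them only in the last mode digit, with nothing in the file saying the difference is intentional. A short comment next to the btmp line noting that it deliberately stays non-world-readable would keep a later cleanup from aligning it with its neighbours. The rationale currently lives only in the NEWS entry and in #6994, which the commit message references without summarising.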