summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2017-10-04 21:44:29 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2017-10-04 21:44:29 +0200
commitf6e64b78ccab6554f7c5f04daffaa9f30b2ccb20 (patch)
tree83e510d727bf57fa13fdfc03d2d4b792a12d317f
parentdynamic-user: don't use a UID that currently owns IPC objects (#6962) (diff)
downloadsystemd-f6e64b78ccab6554f7c5f04daffaa9f30b2ccb20.tar.xz
systemd-f6e64b78ccab6554f7c5f04daffaa9f30b2ccb20.zip
tmpfiles: change btmp mode 0600 → 0660 (#6997)
As discussed in #6994. Fixes: #6994
-rw-r--r--NEWS9
-rw-r--r--tmpfiles.d/var.conf.m42
2 files changed, 10 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index e639f4878f..45fd911fad 100644
--- a/NEWS
+++ b/NEWS
@@ -193,6 +193,15 @@ CHANGES WITH 235:
* .timer units now accept calendar specifications in other timezones
than UTC or the local timezone.
+ * The tmpfiles snippet var.conf has been changed to create
+ /var/log/btmp with access mode 0660 instead of 0600. It has been
+ owned by the "utmp" group already, and it appears to be generally
+ understood that members of "utmp" can modify/flush the
+ utmp/wtmp/lastlog/btmp databases. Previously this was implemented
+ correctly for all these database excepts btmp, which has been opened
+ up like this now too. Note that while the other databases are
+ world-readable (i.e. 0644), btmp is not and remains more restrictive.
+
Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander
Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar
Burchardt, b1tninja, bengal, Benjamin Berg, Benjamin Robin, Charles
diff --git a/tmpfiles.d/var.conf.m4 b/tmpfiles.d/var.conf.m4
index 380c717ba6..0e2c50966d 100644
--- a/tmpfiles.d/var.conf.m4
+++ b/tmpfiles.d/var.conf.m4
@@ -14,7 +14,7 @@ L /var/run - - - - ../run
d /var/log 0755 - - -
m4_ifdef(`ENABLE_UTMP',
f /var/log/wtmp 0664 root utmp -
-f /var/log/btmp 0600 root utmp -
+f /var/log/btmp 0660 root utmp -
f /var/log/lastlog 0664 root utmp -
)m4_dnl