Permissions on /var/log/ files
Matthew Miller
mattdm at fedoraproject.org
Wed Jul 17 16:57:53 UTC 2013
On Wed, Jul 17, 2013 at 09:44:41AM -0700, Rick Stevens wrote:
> The reason the files are, by default, NOT world-readable is simply one
> of security. Many programs (if using verbose logging) may expose
> security-related items in plaintext in the log files (usernames,
> passwords, GPG keys, etc.). Having the files readable by anyone allows
> any lurker to find these things very easily. Many programs warn about
> this issue in their man pages.
Theeeeretically, such messages should use the authpriv facility and thus be
put into /var/log/secure.
--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm at fedoraproject.org>
More information about the users
mailing list