From f6e64b78ccab6554f7c5f04daffaa9f30b2ccb20 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 4 Oct 2017 21:44:29 +0200 Subject: [PATCH] =?UTF-8?q?tmpfiles:=20change=20btmp=20mode=200600=20?= =?UTF-8?q?=E2=86=92=200660=20(#6997)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As discussed in #6994. Fixes: #6994 --- NEWS | 9 +++++++++ tmpfiles.d/var.conf.m4 | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index e639f4878f1..45fd911fadd 100644 --- a/NEWS +++ b/NEWS @@ -193,6 +193,15 @@ CHANGES WITH 235: * .timer units now accept calendar specifications in other timezones than UTC or the local timezone. + * The tmpfiles snippet var.conf has been changed to create + /var/log/btmp with access mode 0660 instead of 0600. It has been + owned by the "utmp" group already, and it appears to be generally + understood that members of "utmp" can modify/flush the + utmp/wtmp/lastlog/btmp databases. Previously this was implemented + correctly for all these database excepts btmp, which has been opened + up like this now too. Note that while the other databases are + world-readable (i.e. 0644), btmp is not and remains more restrictive. + Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar Burchardt, b1tninja, bengal, Benjamin Berg, Benjamin Robin, Charles diff --git a/tmpfiles.d/var.conf.m4 b/tmpfiles.d/var.conf.m4 index 380c717ba67..0e2c50966d6 100644 --- a/tmpfiles.d/var.conf.m4 +++ b/tmpfiles.d/var.conf.m4 @@ -14,7 +14,7 @@ L /var/run - - - - ../run d /var/log 0755 - - - m4_ifdef(`ENABLE_UTMP', f /var/log/wtmp 0664 root utmp - -f /var/log/btmp 0600 root utmp - +f /var/log/btmp 0660 root utmp - f /var/log/lastlog 0664 root utmp - )m4_dnl