tmpfiles: change btmp mode 0600 → 0660 (#6997)

As discussed in #6994. Fixes: #6994
2017-10-04 21:44:29 +02:00 · 2017-10-04 21:44:29 +02:00 · f6e64b78cc
parent 98e4fcec36
commit f6e64b78cc
2 changed files with 10 additions and 1 deletions
--- a/9
+++ b/9
@ -193,6 +193,15 @@ CHANGES WITH 235:
        * .timer units now accept calendar specifications in other timezones
          than UTC or the local timezone.

+        * The tmpfiles snippet var.conf has been changed to create
+          /var/log/btmp with access mode 0660 instead of 0600. It has been
+          owned by the "utmp" group already, and it appears to be generally
+          understood that members of "utmp" can modify/flush the
+          utmp/wtmp/lastlog/btmp databases. Previously this was implemented
+          correctly for all these database excepts btmp, which has been opened
+          up like this now too. Note that while the other databases are
+          world-readable (i.e. 0644), btmp is not and remains more restrictive.
+
        Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander
        Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar
        Burchardt, b1tninja, bengal, Benjamin Berg, Benjamin Robin, Charles
--- a/tmpfiles.d/var.conf.m4
+++ b/tmpfiles.d/var.conf.m4
@ -14,7 +14,7 @@ L /var/run - - - - ../run
 d /var/log 0755 - - -
 m4_ifdef(`ENABLE_UTMP',
 f /var/log/wtmp 0664 root utmp -
-f /var/log/btmp 0600 root utmp -
+f /var/log/btmp 0660 root utmp -
 f /var/log/lastlog 0664 root utmp -
 )m4_dnl