From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 09 14:36:19 2022 Received: (at 54309) by debbugs.gnu.org; 9 Mar 2022 19:36:19 +0000 Received: from localhost ([127.0.0.1]:60755 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nS26d-0006ly-Fo for submit@debbugs.gnu.org; Wed, 09 Mar 2022 14:36:19 -0500 Received: from xavier.telenet-ops.be ([195.130.132.52]:48160) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nS26Z-0006lm-S3 for 54309@debbugs.gnu.org; Wed, 09 Mar 2022 14:36:17 -0500 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by xavier.telenet-ops.be with bizsmtp id 4KcD2700k4UW6Th01KcEWW; Wed, 09 Mar 2022 20:36:14 +0100 Message-ID: <4ca12a3e0b1662addecb8bcca1f63ba5e223e8b8.camel@telenet.be> Subject: Re: [bug#54309] [PATCH] services: auditd: use exclusive log directory for auditd From: Maxime Devos To: fesoj000 , 54309@debbugs.gnu.org Date: Wed, 09 Mar 2022 20:36:09 +0100 In-Reply-To: References: Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-tLn/sBL9Fe03S5Xi02BJ" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1646854574; bh=w6xNKSF/OtFM3NKfxf+2ISGcy87t8zL4oIvIzncQC40=; h=Subject:From:To:Date:In-Reply-To:References; b=MEud/lmgmM8IoYLT5xMO8LLT9oVfvncd1mlXCuaz+SKKCtaNwea80pA6aMIJ87Zzx RxunoAr1ab78LhSL+R28beI97UK9eHwE+H0XCVFRzvsU57qCevBIIzhgQ2yBrd8vU/ PkfSeOFIMmq6PE9zXyk0IUtgQPncQNyOqVrI+63qA24nNOfNFFUwfAiuGBaY+UVHTp xdOVnYS74ClUtxbO7hLFLe+ouCYixPbdiLVRdlMC4swnpkZxMZiYMXGNjqadSI3AvX CN/uLmlzbFcozN7vVmxnsMKbOpIYMqb2YjribXtd65R6aBekQE4U4oMy7JE5g2D0Tq xm0xfX8I0WAPg== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 54309 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-tLn/sBL9Fe03S5Xi02BJ Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable fesoj000 schreef op wo 09-03-2022 om 20:21 [+0100]: > Currently auditd writes logs to /var/log/audit.log. This is a problem bec= ause > auditd changes the permissions of the directory audit.log lives in to > 700. Why is auditd doing this? Can this behaviour be patched out? Is there an upstream report? > /var/log usually has 755, this is assumed by some services. postgresql > for example, fails when used together with auditd. Why does postgresql care about the group and other bits? Could postgresql be modified not to care? What are the reasons for changing the group and other bits? Perhaps that should be done by default by Guix when creating /var/log (POLA)? In any case, I would recommend adding to auditd.scm to make clear why the default log location is unacceptable. Greetings, Maxime. --=-tLn/sBL9Fe03S5Xi02BJ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYikBqRccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7u6NAPsEXmKP7fsQbcH0vymV1FoyouVQ 1zBRBm9lSWb1eLkC5AEAw3kSFrRC4HAyxEhGM2UzPIWwHBU5OKrZm0i+kaRXgwA= =ODy0 -----END PGP SIGNATURE----- --=-tLn/sBL9Fe03S5Xi02BJ--