Hi!

On Wed, 28 Jun 2000, Thomas Forbriger wrote:
On Wed, 28 Jun 2000, Roman Drahtmueller wrote:
[ logfile permissions ]
I don't agree. There may be a lot of information in log files that should not be accessible to everybody. Think of mail log entries - you may read who has sent a message of which size when to whom. To protect this is a question of privacy. Or on older systems I frequently found entries of the type
invalid password for `mypassword' on `tty1'
when users were hastily logging in and were out of phase with the login and password prompts. On many systems it's not too hard to check all available accounts for 'mypassword' (and it's all too bad if it's the root password that was logged).
I could not reproduce the latter effect with my recent configuration (/bin/login from shadow-980724-36 in SuSE 6.1). If the typed username at the login prompt is not valid it logs
invalid password for `UNKNOWN' on `tty1'
Has the behaviour of /bin/login changed - can anybody confirm this?
From /etc/login.defs:

[...snip...]
# Enable display of unknown usernames when login failures are recorded.
#
LOG_UNKFAIL_ENAB no
[...snip...]
This prevents the logging of passwords if they are typed in by mistake as the username. The word "UNKNOWN" will be used in that case.

Regards,
andy

-- 
Information about the Austrian Usenet  http://www.usenet.at/
Verein fuer Internet-BEnutzer Oesterreichs (.AT)  http://www.vibe.at/
I am from Austria - but I did not vote for Joerg Haider and the FPOE.
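An added example, not part of the original message or of the shadow suite: a small audit that reads login.defs content for LOG_UNKFAIL_ENAB and redacts failure entries in the format quoted above whose "username" matches no local account, since those may be mistyped passwords. The function names, the syslog line prefix and the sample data are constructed for illustration, and treating an unset option as "no" is an assumption.

```python
import re

# Format of the failure entry quoted in the thread above.
FAIL_RE = re.compile(r"invalid password for `([^']*)' on `([^']*)'")

def unkfail_enabled(login_defs_text):
    """Return True if LOG_UNKFAIL_ENAB is set to yes in login.defs content.

    Commented-out or missing entries count as disabled (assumption: an
    unset boolean is treated as "no").
    """
    enabled = False
    for raw in login_defs_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "LOG_UNKFAIL_ENAB":
            enabled = fields[1].lower() == "yes"
    return enabled

def scrub(log_lines, known_users):
    """Redact names in failure entries that match no local account.

    Returns (scrubbed_lines, count); such names may be mistyped passwords.
    """
    out, hits = [], 0
    for line in log_lines:
        m = FAIL_RE.search(line)
        if m and m.group(1) != "UNKNOWN" and m.group(1) not in known_users:
            line = line[:m.start(1)] + "UNKNOWN" + line[m.end(1):]
            hits += 1
        out.append(line)
    return out, hits

# Constructed sample input (not taken from a real system).
SAMPLE_DEFS = """\
# Enable display of unknown usernames when login failures are recorded.
#
LOG_UNKFAIL_ENAB        no
"""
SAMPLE_LOG = [
    "Jun 28 10:01:02 host login[311]: invalid password for `alice' on `tty1'",
    "Jun 28 10:01:09 host login[311]: invalid password for `mypassword' on `tty1'",
    "Jun 28 10:02:40 host login[312]: invalid password for `UNKNOWN' on `tty2'",
]

if __name__ == "__main__":
    print("LOG_UNKFAIL_ENAB enabled:", unkfail_enabled(SAMPLE_DEFS))
    cleaned, n = scrub(SAMPLE_LOG, known_users={"root", "alice"})
    print(f"{n} entry(ies) redacted")
    print("\n".join(cleaned))
```

Any entry this redacts is a reason to change the affected password as well, because the log may already have been read.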