Subject: Re: insecurity report wtmpx and wtmp incorrect gid...
To: Gilles Gravier <Gilles@Gravier.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: netbsd-users
Date: 02/24/2006 08:30:21
In message <43FEC897.5020703@Gravier.org>, Gilles Gravier writes:
>Thanks, Water...
>
>This is, indeed, what is going on... my wtmp and wtmpx are group name=wheel
>
>And I agree that they should (as specified by /etc/mtree/special) be 
>group name=utmp
>
>The problem is that when I set them to group name=utmp, something, in my 
>machine, sets them back to group name=wheel
>
>What I need to identify is what it is that makes this change, so that I
>can prevent it from happening again.

You have to change /etc/newsyslog.conf

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
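
Added example, not part of the original thread: newsyslog recreates a rotated log with the ownership given in the optional owner:group field of its /etc/newsyslog.conf entry, so a manual chgrp only lasts until the next rotation. The sketch below reports the group each wtmp/wtmpx entry would apply; the function names and sample entries are constructed, and the field layout is assumed from newsyslog.conf(5).

```shell
#!/bin/sh
# Added example: report the group newsyslog.conf assigns to wtmp/wtmpx.
# Assumed field layout (newsyslog.conf(5)):
#   logfile [owner:group] mode ngen size when flags ...
# The owner:group field is optional; it is recognised here by its ':'.

# check_wtmp_groups CONF EXPECTED_GROUP
# Prints one line per wtmp/wtmpx entry; returns 1 if any entry would not
# recreate the file with EXPECTED_GROUP.
check_wtmp_groups() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        $1 ~ /\/wtmpx?$/ {
            grp = "(unset)"
            if ($2 ~ /:/) {                 # optional owner:group present
                split($2, og, ":")
                if (og[2] != "") grp = og[2]
            }
            status = (grp == want) ? "ok" : "MISMATCH"
            if (status != "ok") bad = 1
            printf "%s group=%s %s\n", $1, grp, status
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_sample PATH: constructed sample entries, not a real system's file.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample newsyslog.conf
/var/log/messages           644  5  100 *   Z
/var/log/wtmp   root:wheel  664  7  *   168 ZBN
/var/log/wtmpx              664  7  *   168 ZBN
EOF
}

# Demo: expected group utmp, as /etc/mtree/special specifies in the thread.
conf=$(mktemp)
write_sample "$conf"
check_wtmp_groups "$conf" utmp || echo "correct owner:group in newsyslog.conf"
rm -f "$conf"
```

Run it against the real /etc/newsyslog.conf with `check_wtmp_groups /etc/newsyslog.conf utmp`; a MISMATCH line marks the entry to edit.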