I've had to modify my /etc/newsyslog.conf to keep it from recurring.

peter

On 2/24/06 2:49 AM, "Gilles Gravier" <Gilles@Gravier.org> wrote:

> Thanks, Water...
> 
> This is, indeed, what is going on... my wtmp and wtmpx are group name=wheel
> 
> And I agree that they should (as specified by /etc/mtree/special) be
> group name=utmp
> 
> The problem is that when I set them to group name=utmp, something, in my
> machine, sets them back to group name=wheel
> 
> What I need to identify is what is it that does this change so that I
> can prevent it from happening again.
> 
> Gilles.
> 
> Water NB wrote:
>> I guess your /va/log/wtmp is: group name=wheel
>> 
>> see also /etc/mtree/special:
>> in 1.82.2.6, wtmp and wtmpx changed to gname=utmp
>> so you should keep sync with it.
>> 
>> On Fri, Feb 24, 2006 at 06:51:33AM +0100, Gilles Gravier wrote:
>>   
>>> Hi!
>>> 
>>> Ever since I moved to NetBSD 3.0, in my daily insecurity report, I get
>>> the following :
>>> 
>>> Checking special files and directories.
>>> var/log/wtmpx: 
>>> gid (45, 0)
>>> var/log/wtmp: 
>>> gid (45, 0)
>>> 
>>> 
>>> 
>>> Now, even if I change these files manually back to GID 45, the next day
>>> they again get changed back to GID 0.
>>> 
>>> What is responsible for this change? How can I prevent it?
>>> 
>>> Thanks in advance,
>>> Gilles.
>>>     
>> 
>>   
> 
>