Subject: Re: misc/18670: lastlog has bad permissions by default
To: NetBSD Bugs and PR posting List <netbsd-bugs@NetBSD.ORG>
From: gabriel rosenkoetter <>
List: netbsd-bugs
Date: 10/16/2002 15:56:38
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Oct 16, 2002 at 03:07:53PM -0400, Greg A. Woods wrote:
> Sorry, I really meant to point to /var/run/utmp, not /var/log/wtmp!
> /var/log/lastlog should not be any different than either /var/log/wtmp
> or /var/run/utmp.  I.e. they're all written by the same programs and
> should all have the same permissions and ownerships.
> I.e. the ownership of /var/log/wtmp is also not correct.  :-)

Then how are we managing to write to it properly? (Ne'mind, you
answer that below...)

Btw, I don't see a /var/log/utmp on any of my NetBSD systems
(1.5.3_ALPHA, 1.6D, and 1.6F, with userlands from the same date as
the kernel). Am I missing something? Has this been added since 1.6F?

> However there are some programs which write to wtmp and lastlog and
> which do not really need to be run as root for any other reason.  I've
> had some success with using the existing "utmp" group and lowering their
> set-user-id root privileges to set-group-id utmp (and of course giving
> all the relevant files the appropriate group owner and permissions).

Hrm. What about third party stuff that will now have to be that it
should install itself sgid utmp on NetBSD? (Think, ossh, so

> (Unfortunately most such programs need fixes to the pty interface before
> they can truly give up their silly set-user-id root nature, eg. xterm)

Well, that's no reason not to clean this up in the right way, of

gabriel rosenkoetter

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.7 (NetBSD)