Subject: Re: misc/18670: lastlog has bad permissions by default
To: NetBSD Bugs and PR posting List <netbsd-bugs@NetBSD.ORG>
From: gabriel rosenkoetter <>
List: netbsd-bugs
Date: 10/16/2002 17:20:55

On Wed, Oct 16, 2002 at 04:41:26PM -0400, Greg A. Woods wrote:
> Did I say /var/log/utmp?  Nope, I really did say /var/run/utmp!  ;-)

So you did. Apologies. :^>

> > Hrm. What about third party stuff that will now have to be that it
> > should install itself sgid utmp on NetBSD? (Think, ossh, so
> > forth.)
> Those two at least must run as root regardless.  xterm-like things
> (rxvt, eg.) are the ones which might best get this new ability once the
> pty-granting problem has been fixed.

Actually, no they don't. (Don't listen on port 22, but on, say,
2022, only allow authentication via PKI, don't permit root login,
have the host key readable only by the user as whom you're running sshd
(and root, of course) rather than as root. The problem is that
you can then only log in as that user. But at that point the only
thing holding back a non-root, per-user sshd if you *really* want
it is ptys, isn't it?)

In any case, SSH daemons maybe weren't the best example. But
tracking down all the stuff that's used to the existing ownership
(if anything exists) would be a good idea before changing. (Or, I
guess, change it and see what breaks...)

gabriel rosenkoetter
