tmpfiles: change btmp mode 0600 → 0660 (#6997)

As discussed in #6994.

Fixes: #6994

diff --git a/NEWS b/NEWS
index e639f4878f1387174005fd07a1a1bd6fdc6e7c8d..45fd911fadd49370e8359993b4ba01f35a72e56c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -193,6 +193,15 @@ CHANGES WITH 235:
         * .timer units now accept calendar specifications in other timezones
           than UTC or the local timezone.
 
+        * The tmpfiles snippet var.conf has been changed to create
+          /var/log/btmp with access mode 0660 instead of 0600. It has been
+          owned by the "utmp" group already, and it appears to be generally
+          understood that members of "utmp" can modify/flush the
+          utmp/wtmp/lastlog/btmp databases. Previously this was implemented
+          correctly for all these database excepts btmp, which has been opened
+          up like this now too. Note that while the other databases are
+          world-readable (i.e. 0644), btmp is not and remains more restrictive.
+
         Contributions from: Abdó Roig-Maranges, Alan Jenkins, Alexander
         Kuleshov, Andreas Rammhold, Andrew Jeddeloh, Andrew Soutar, Ansgar
         Burchardt, b1tninja, bengal, Benjamin Berg, Benjamin Robin, Charles

diff --git a/tmpfiles.d/var.conf.m4 b/tmpfiles.d/var.conf.m4
index 380c717ba671501d5c61cd24e041052416c365ff..0e2c50966d612e464df081c1d3189ed315abc8e5 100644 (file)
--- a/tmpfiles.d/var.conf.m4
+++ b/tmpfiles.d/var.conf.m4
@@ -14,7 +14,7 @@ L /var/run - - - - ../run
 d /var/log 0755 - - -
 m4_ifdef(`ENABLE_UTMP',
 f /var/log/wtmp 0664 root utmp -
-f /var/log/btmp 0600 root utmp -
+f /var/log/btmp 0660 root utmp -
 f /var/log/lastlog 0664 root utmp -
 )m4_dnl