logcheck doesn't work anymore

Marco Beishuizen mbeis at xs4all.nl
Sat Sep 13 00:51:22 UTC 2008

On Fri, 12 Sep 2008 18:02:37 -0400
Greg Larkin <glarkin at freebsd.org> wrote:

> Hi Marco,
> Right you are!  In fact, after my initial logcheck commit, someone
> opened a PR stating something very similar to what you noted:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/127255
> The submitter's point is that the logcheck user should not be part of
> the wheel group, since that also confers the ability to su to root and
> read many files that should be private.
> A patch has been committed very recently to remove the logcheck user
> from the wheel group and change the verbiage in pkg-message:
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-install.in.diff?r1=1.1;r2=1.2
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-message.in.diff?r1=1.1;r2=1.2
> Any file that needs to be analyzed by logcheck will now have to be
> readable by the logcheck group instead of the wheel group.
> Best regards,
> Greg
> - --
> Greg Larkin

I upgraded to the latest version today and now there is a separate
logcheck group. But logcheck still only works when the logfiles have
permission 644. Most of them had permissions set to 600 but then I get
the same error messages as before.

Or should I change the owner of all logfiles from root to logcheck and
then the permissions back to 600?

I'd rather just believe that it's done by little elves running around.

More information about the freebsd-questions mailing list