[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] Scrub vnc password for vfb

On Tue, Feb 05, 2008 at 08:45:10AM +0000, Keir Fraser wrote:
> This leads to a question -- should xend.log (and our other log files) be
> world readable in the first place?

In Fedora & RHEL  /etc/xen and /var/log/xen are both mode 0700

> If we want to change it we may have to hack the logging package a bit, as it
> seems that Python's open() function calls fopen() which does not allow you
> to manually specify access permissions. Although we could have xend set its
> umask to 0770. Maybe that would break other stuff though?

The permissions of the logfile don't really matter once you set the directory
permissions - and this gives the admin flexibility to chmod/chgrp the dir
to allow selected users acccess to the logs

The main reason for scrubbing the logs is to protect users' passwords when
they post logfiles to mailing lists / bug trackers :-)

|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.