Re: Confusing security report
- Reply: Lowell Gilbert : "Re: Confusing security report"
- Reply: D'Arcy Cain : "Re: Confusing security report"
- In reply to: lain.: "Re: Confusing security report"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 08 Jun 2024 15:13:53 UTC
On 2024-06-08 10:45, lain. wrote: > On 2024年06月08日 08:41, the silly D'Arcy Cain claimed to have said: >> On a number of my servers I have the following in the daily security report: >> >> Checking login.conf permissions: >> Bad ownership of /etc/login.conf >> >> The thing is that I don't have that file. I create /etc/login.conf.db from >> a file in my own repository. Would I be OK creating an empty >> /etc/login.conf just to keep it quiet? > > Just curious, but why do you not have a /etc/login.conf file? > From my understanding, this is one of the mandatory files on any BSD > system, even if everything is commented out (or the file is blank). > > So a simple `touch /etc/login.conf` would silence the report. I thought I explained that but let me expand. I have a login.conf in my subversion repository which is checked out on every server in my farm. At boot time it runs this command: cap_mkdb -f /etc/login.conf /Vybe/etc/general/login.conf So that creates the /etc/login.conf.db. If that db file exists it will be used regardless of whether /etc/login.conf exists. I thought I could simply symlink the repo file into /etc but I am pretty sure that would give me the same ownership warning. Yah, I will probably just create an empty file for login.conf. Maybe my rc.local, where I have that cap_mkdb command, can simply do this: >/etc/login.conf -- D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 788 2246 (DoD#0082) (eNTP) | what's for dinner. IM: darcy@Vex.Net, VoIP: sip:darcy@druid.net