/var/log/wtmp Permissions

berzerked · 03-02-2006, 12:40 PM

*******RedHat Enterprise Server 4*******

From what I've read, the permissions for /var/log/wtmp need to be changed from the default 664 to a more secure 644. The problem is that logins are not written to the wtmp file after I change perms. Any idea as to why?

ls -l /var/log

-rw-rw-r-- 1 root utmp 3840 Mar 2 13:37 wtmp (works)

-rw-r--r-- 1 root utmp 3840 Mar 2 13:37 wtmp (not works)

gilead · 03-02-2006, 01:28 PM

The utmp process needs to be able to write to the file. It's not less secure the way you have it since none of your users should be members of the utmp group.

Removing the write permissions for a group only makes the file more secure when you have group members...

berzerked · 03-02-2006, 01:47 PM

Keeping the perms at 664 is what I'll do as there are no other users in the utmp group.

lqrobert · 10-05-2011, 02:49 PM

/var/log/utmp and /var/log/wtmp have their permissions and groups set in at least two places on RedHat 5.4:

1. /etc/logrotate.conf sets the permissions and ownership to 664 root utmp.

2. /etc/rc.d/rc.sysinit sets the permissions and ownership of /var/run/utmp and /var/log/wtmp to 0664 root:utmp respectively.

I believe these files have utmp ownership so they can be modified by /usr/libexec/utempter/utempter which has permissions 2711, i.e. -rwx--s--x. That SGID bit allows all users to act with as if they belong to utmp. Hence, unless you chmod 0711 /usr/libexec/utempter/utempter ALL users belong to the utmp group as far as utempter is concerned.

It's my understanding that utempter allows certain utilities, e.g. screen and X Windows utilities, to update the last login information stored in wtmp.

Not a definitive answer, but I hope this helps anyone who happens to stumble across this.