From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: Any problem with making auditd log readable by the adm group?
Date: Mon, 09 May 2016 15:33:16 -0400
Message-ID: <3693067.BeXgSpU3qL@x2>
References: <85futrf3ts.fsf@boum.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <85futrf3ts.fsf@boum.org>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
Cc: intrigeri <intrigeri@debian.org>, 759604@bugs.debian.org
List-Id: linux-audit@redhat.com

On Monday, May 09, 2016 09:07:11 PM intrigeri wrote:
> in Debian, the convention for many log files is to make them readable
> by members of the adm group. We're considering doing the same for the
> auditd logs, in order to make apparmor-notify work out-of-the-box.
> 
> The maintainer of auditd in Debian would like to know what's your take
> on it. What kind of problem could be created if we did that?

I can't think of any problems. Just set the log_group = adm in auditd.conf and 
fixup the packaging to have that as the group owner. Auditd should create the 
logs with 0640 permissions.

-Steve