Currently, the perms on /var/log/emerge.log are just 655, the perms should be something more like 600. Trivial, but something to lock down portage more.

Reproducible: Always

Steps to Reproduce:
1. ls -l /var/log/emerge.log
2.
3.

Portage 2.0.49-r15 (hardened-x86-1.4, gcc-3.2.3, glibc-2.3.2-r3, 2.4.20-gentoo-r7)
=================================================================
System uname: 2.4.20-gentoo-r7 i686 Celeron (Mendocino)
Gentoo Base System version 1.4.3.10
distcc 2.11.1 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -mcpu=i686 -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/config /usr/kde/3/share/config"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-O3 -mcpu=i686 -pipe"
DISTDIR="/raid/distfiles"
FEATURES="ccache autoaddcvs sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.oregonstate.edu http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://192.168.1.1/gentoo-portage"
USE="x86 zlib gdbm berkdb slang readline pam libwww perl python -nls -doc -tcpd crypt apache2 ssl sasl maildir mysql"
Perhaps chgrp it to portage and then do similar permission settings on /var/db/pkg, /var/cache/edb, etc...
I could, but why doesn't portage do this by default? Users that are not in the portage group should not be able to read all of that anyway ...
I wasn't telling you to do it; I was offering other similar improvements :P
Added into portage by carpaski.
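
As an added example (not part of the original thread and not Portage's own code), a POSIX shell check for the condition discussed above: it reports which of the paths named in the thread are accessible to users outside the owner and group, and can strip those bits. The function names and the `audit` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Portage code. The paths are the ones named in the thread.
PORTAGE_PATHS="/var/log/emerge.log /var/db/pkg /var/cache/edb"

# Succeeds if "other" has any of r/w/x on PATH itself (no recursion).
# -H makes find inspect the target when PATH is a symlink, not the link.
other_can_access() {
    [ -n "$(find -H "$1" -prune \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# Print "EXPOSED <path>" for each existing path that "other" can access.
# Paths that do not exist are skipped silently.
audit_paths() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        if other_can_access "$p"; then
            printf 'EXPOSED %s\n' "$p"
        fi
    done
}

# Remove all "other" bits, leaving owner and group bits untouched, so a
# later chgrp to the portage group keeps working for group members.
tighten() {
    chmod o-rwx "$1"
}

# Audit the thread's paths only when invoked as: sh script.sh audit
if [ "${1:-}" = "audit" ]; then
    # Word splitting of the space-separated path list is intentional here.
    audit_paths $PORTAGE_PATHS
fi
```

The audit looks only at each path itself; checking the contents of /var/db/pkg or /var/cache/edb would need a recursive pass.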