/var/log/wtmp SuSE log permission rollback

Hello All, on my SuSE system, the wtmp log file permission is 644, but on every reboot the file permission rolls back to 664. In the logrotate.conf and logrotate.d/wtmp files, the wtmp logrotate is set to 644. I would like to know which "file" or "script" modifies the wtmp log to roll back to 664 permission at every reboot? /var/log/wtmp SuSE Server 10 SP3 log permission rollback???

Before you get your wish, make sure you will enjoy it! Maybe some process of a user in the file's current group is logging in it?

Which users are in the file's group?

Can you change the file's group to one with no members?

Sometimes, it is easier to add your own chmod to the end of the boot scripts, so the exposure is momentary and before users become active.

There is nobody in the utmp group.

Yes, it is easier to add a line to the boot scripts, but I would like to find which line keeps changing the argument again and again. I have the solution, but I have not found the cause :(

On RedHat, in the sysinit file there is a line:

chmod 664 /var/log/wtmp, but I would like to find the same on SuSE :S

Can you move it to another path, maybe with a sym link? Maybe something is hitting it with a wild card or recursively by accident. A sym link is ignored on chmod recursion, but not by wild cards.

I cannot modify the settings on the server. I need to explain this violation to my boss, but I did not find the cause in the rc.script; I have used grep on all of /etc :(

Post rewrite. Found out what is changing the permissions on startup.

See /etc/permissions* (Filename executed varies according to the value in /etc/sysconfig/security). Comments in the file explain it all and what runs the script on startup.
http://gitorious.org/opensuse/permissions/blobs/28f85df259a0cd08a7e35f469fbbb4beb31bb0b1/permissions

I guess it is a prophylactic reset of critical permissions on every boot.

The feature has some really cool variable security levels - including "paranoid".
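
One way to trace which permissions file is responsible for a given path, as an added example that is not part of the original thread or of the SuSE permissions package. It assumes each entry has the form "path owner:group mode" and that /etc/sysconfig/security names the active levels in a PERMISSION_SECURITY variable; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed layout: each entry is "<path> <owner>:<group> <mode>",
# the base file "permissions" is always consulted, and PERMISSION_SECURITY in
# the sysconfig file lists the level suffixes (e.g. "easy", "paranoid", "local").

# active_levels SYSCONFIG: print the configured level names.
active_levels() {
    sed -n 's/^PERMISSION_SECURITY="\{0,1\}\([^"]*\)"\{0,1\}.*$/\1/p' "$1"
}

# active_entries DIR SYSCONFIG TARGET: print "file owner:group mode" for every
# entry naming TARGET in the base file and in each active level file.
active_entries() {
    dir=$1 sysconfig=$2 target=$3
    set -- permissions
    for lvl in $(active_levels "$sysconfig"); do
        set -- "$@" "permissions.$lvl"
    done
    for name in "$@"; do
        [ -f "$dir/$name" ] || continue
        awk -v t="$target" -v n="$name" '
            /^[ \t]*#/ { next }                  # skip comment lines
            $1 == t && NF >= 3 { print n, $2, $3 }
        ' "$dir/$name"
    done
}

# demo: run against constructed sample files (not copied from a real system).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# base file' '/etc/shadow root:shadow 640' > "$d/permissions"
    printf '%s\n' '/var/log/wtmp root:utmp 664' > "$d/permissions.easy"
    printf '%s\n' '/var/log/wtmp root:utmp 660' > "$d/permissions.paranoid"
    printf '%s\n' '# local overrides' > "$d/permissions.local"
    printf '%s\n' 'PERMISSION_SECURITY="easy local"' > "$d/security"
    active_entries "$d" "$d/security" /var/log/wtmp
    rm -rf "$d"
}

demo
# On a live system: active_entries /etc /etc/sysconfig/security /var/log/wtmp
```

With the sample files, only the entry from the active "easy" level is reported; the "paranoid" entry is ignored because that level is not configured.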