From fd04d29e75a600a186a9970f445ca7eae70bd05e Mon Sep 17 00:00:00 2001 From: jfs Date: Tue, 1 Nov 2005 20:47:01 +0000 Subject: [PATCH] Clarify text on file ownerships as suggested by Olaf van der Spek git-svn-id: svn://anonscm.debian.org/ddp/manuals/trunk/developers-reference@3583 313b444b-1b9f-4f58-a734-7bb04f332e8d --- developers-reference.sgml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/developers-reference.sgml b/developers-reference.sgml index 1875e12..f1213be 100644 --- a/developers-reference.sgml +++ b/developers-reference.sgml @@ -7,7 +7,7 @@ %dynamicdata; - + 
@@ -4342,20 +4342,21 @@ for this. Configuration files should be readable by the system user, if they contain sensitive information the system user should not own them unless there is a need for it to write to its own configuration files. Typically this means -that the configuration files are owned by group, belong to the group of the -system user and are mode 0640. +that the configuration files are owned by root and by the system group created +by the package and are mode 0640. -The system user if it generates state files (such as pidfiles) should -have a directory under /var/run owned by it. This directory should be -recreated by the init.d script since the state directory might be wiped out -after a system boot. +If the The system user generates state files (such as pidfiles) it will +need to have a directory under /var/run owned by itself. It can be +created by the package maintainers script but, since it can be wiped after a +system reboot, it should be be recreated by the init.d script since the state +directory. If the daemon logs directly to /var/log logfiles should be writable by the system user but, once rotated, they should not be either owned or writable by it to prevent it from overwritting old log entries if a security vulnerability in the software were to be used. If the daemon logs to a -directory under /var/log/ then it should be owned by the system user -and rotated log files need not be changed ownership. +directory under /var/log/ then the directory should be owned by the +system user and rotated log files need not be changed ownership. -- 2.30.2
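Review bot: In the second hunk, the rewritten /var/run paragraph still carries editing leftovers: it opens with "If the The system user", repeats a word in "it should be be recreated", and ends on the fragment "since the state directory." which has no verb. Suggested wording: "If the system user generates state files (such as pidfiles) it will need to have a directory under /var/run owned by itself. It can be created by the package maintainer's script but, since the state directory can be wiped after a system reboot, it should be recreated by the init.d script." In the configuration-file paragraph of the same hunk, "owned by root and by the system group created by the package" would be clearer if it spelled out the two roles (user root, group the system group), since the 0640 mode is what then leaves the file readable but not writable by the system user.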