Comment 2 for bug 1268011

Log files which can potentially contain sensitive data should usually be <system_user>:adm 640; the group "adm" purpose is that members can read system log files. For "harmless" log files they can be root:root (or from a system user if the daemon is not running as root) and 644.

It would be good if cups could stick to that as well, i. e. either use root:adm 640 or 644; as print jobs and information about them might potentially be sensitive, the former seems better?