| 1 |
On Wed, 2005-11-16 at 12:54 +0100, varagnat@××××××.fr wrote: |
| 2 |
> > dedicated non-root account. May be we need to ask syslog-ng authors to |
| 3 |
> > implement the same scheme as in sysklogd? |
| 4 |
> |
| 5 |
> Or syslog-ng could have root permissions just for opening /proc/kmsg and then leave its rights when switching to normal user. But by saying that I make some assumptions on how /proc/kmsg works and how it must be used. |
| 6 |
|
| 7 |
I ran syslog-ng as a non-root user once before, but now I run it as |
| 8 |
root. From what I can remember, syslog-ng opened /proc/kmsg before |
| 9 |
dropping privileges, however when you sent the HUP signal (i.e. after |
| 10 |
running logrotate) it closed all the files and reopened them again. |
| 11 |
Because it no longer had root permissions, it couldn't |
| 12 |
reopen /proc/kmsg. |
| 13 |
|
| 14 |
If /proc/kmsg was group readable and the group was set to a special |
| 15 |
logger group, then I don't see why syslog-ng couldn't be run as a |
| 16 |
non-root user. |
| 17 |
|
| 18 |
Cheers, |
| 19 |
|
| 20 |
Brad |
| 21 |
|
| 22 |
-- |
| 23 |
gentoo-security@g.o mailing list |
Archives