Gentoo Archives: gentoo-security

From: Brad Plant <bplant@×××××××××××.au>
To: gentoo-security@l.g.o
Subject: Re: Re : [gentoo-security] Running app-admin/syslog-ng without rootprivileges
Date: Wed, 16 Nov 2005 12:23:33
Message-Id: 1132143201.22200.174.camel@puddle-jumper.
In Reply to: Re : [gentoo-security] Running app-admin/syslog-ng without rootprivileges by varagnat@bertin.fr
On Wed, 2005-11-16 at 12:54 +0100, varagnat@××××××.fr wrote:
> > dedicated non-root account. May be we need to ask syslog-ng authors to > > implement the same scheme as in sysklogd? > > Or syslog-ng could have root permissions just for opening /proc/kmsg and then leave its rights when switching to normal user. But by saying that I make some assumptions on how /proc/kmsg works and how it must be used.
I ran syslog-ng as a non-root user once before, but now I run it as root. From what I can remember, syslog-ng opened /proc/kmsg before dropping privileges, however when you sent the HUP signal (i.e. after running logrotate) it closed all the files and reopened them again. Because it no longer had root permissions, it couldn't reopen /proc/kmsg. If /proc/kmsg was group readable and the group was set to a special logger group, then I don't see why syslog-ng couldn't be run as a non-root user. Cheers, Brad -- gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] Running app-admin/syslog-ng without rootprivileges Jerome Poggi <Jerome.Poggi@×××.fr>
Re: Re : [gentoo-security] Running app-admin/syslog-ng without rootprivileges Miguel Figueiredo Mascarenhas Sousa Filipe <miguel.filipe@×××××.com>