List Archive: gentoo-security
On Wed, 2005-11-16 at 12:54 +0100, varagnat@... wrote:
> > dedicated non-root account. Maybe we need to ask syslog-ng authors to
> > implement the same scheme as in sysklogd?
>
> Or syslog-ng could have root permissions just for opening /proc/kmsg and then leave its rights when switching to normal user. But by saying that I make some assumptions on how /proc/kmsg works and how it must be used.

I ran syslog-ng as a non-root user once before, but now I run it as
root. From what I can remember, syslog-ng opened /proc/kmsg before
dropping privileges, however when you sent the HUP signal (i.e. after
running logrotate) it closed all the files and reopened them again.
Because it no longer had root permissions, it couldn't
reopen /proc/kmsg.

If /proc/kmsg was group readable and the group was set to a special
logger group, then I don't see why syslog-ng couldn't be run as a
non-root user.

Cheers,
Brad
--
gentoo-security@g.o mailing list
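The reload problem described in the message above, as an added C sketch that is not part of the original post and is not syslog-ng's code: sources opened while still root are flagged so the SIGHUP reload keeps their descriptors instead of closing and reopening them by path. The struct, the `keep_open` flag and all function names are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* One log input. keep_open marks inputs such as /proc/kmsg that were
   opened as root and cannot be reopened once privileges are gone. */
struct source {
    const char *path;
    int fd;
    int keep_open;
};

/* Open every source; call this before drop_privileges(). */
int open_sources(struct source *s, size_t n) {
    for (size_t i = 0; i < n; i++) {
        s[i].fd = open(s[i].path, O_RDONLY | O_CLOEXEC);
        if (s[i].fd < 0) return -1;
    }
    return 0;
}

/* Permanently switch to an unprivileged account: clear supplementary
   groups, then set gid, then uid, and confirm root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;  /* regaining root must fail */
    return 0;
}

/* Reload step run after SIGHUP (for example after logrotate): ordinary
   sources are closed and reopened by path, keep_open descriptors are
   left untouched. Returns how many sources could not be reopened. */
int reload_sources(struct source *s, size_t n) {
    int failed = 0;
    for (size_t i = 0; i < n; i++) {
        if (s[i].keep_open) continue;  /* privileged fd survives reload */
        close(s[i].fd);
        s[i].fd = open(s[i].path, O_RDONLY | O_CLOEXEC);
        if (s[i].fd < 0) failed++;
    }
    return failed;
}
```

A daemon built this way calls `open_sources()`, then `drop_privileges()`, and only then starts reading; the kernel log descriptor stays valid for the life of the process.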