On Wed, 2005-11-16 at 12:54 +0100, varagnat@××××××.fr wrote:
> > dedicated non-root account. Maybe we need to ask syslog-ng authors to
> > implement the same scheme as in sysklogd?
>
> Or syslog-ng could have root permissions just for opening /proc/kmsg and then leave its rights when switching to normal user. But by saying that I make some assumptions on how /proc/kmsg works and how it must be used.
|
I ran syslog-ng as a non-root user once before, but now I run it as
root. From what I can remember, syslog-ng opened /proc/kmsg before
dropping privileges, however when you sent the HUP signal (i.e. after
running logrotate) it closed all the files and reopened them again.
Because it no longer had root permissions, it couldn't reopen /proc/kmsg.
|
If /proc/kmsg was group readable and the group was set to a special
logger group, then I don't see why syslog-ng couldn't be run as a
non-root user.
|
Cheers,

Brad

--
gentoo-security@g.o mailing list