Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Brad Plant <bplant@...>
Subject: Re: Re : Running app-admin/syslog-ng without rootprivileges
Date: Wed, 16 Nov 2005 23:13:21 +1100
On Wed, 2005-11-16 at 12:54 +0100, varagnat@... wrote:
> > dedicated non-root account. May be we need to ask syslog-ng authors to
> > implement the same scheme as in sysklogd?
> 
> Or syslog-ng could have root permissions just for opening /proc/kmsg and then leave its rights when switching to normal user. But by saying that I make some assumptions on how /proc/kmsg works and how it must be used.

I ran syslog-ng as a non-root user once before, but now I run it as
root. From what I can remember, syslog-ng opened /proc/kmsg before
dropping privileges, however when you sent the HUP signal (i.e. after
running logrotate) it closed all the files and reopened them again.
Because it no longer had root permissions, it couldn't
reopen /proc/kmsg.

If /proc/kmsg was group readable and the group was set to a special
logger group, then I don't see why syslog-ng couldn't be run as a
non-root user.

Cheers,

Brad

-- 
gentoo-security@g.o mailing list


Replies:
Re: Re : Running app-admin/syslog-ng without rootprivileges
-- Miguel Figueiredo Mascarenhas Sousa Filipe
Re: Running app-admin/syslog-ng without rootprivileges
-- Jerome Poggi
References:
Re : Running app-admin/syslog-ng without rootprivileges
-- varagnat
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re : Running app-admin/syslog-ng without rootprivileges
Next by thread:
Re: Running app-admin/syslog-ng without rootprivileges
Previous by date:
Re : Running app-admin/syslog-ng without rootprivileges
Next by date:
Re: Running app-admin/syslog-ng without rootprivileges


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.