Gentoo Archives: gentoo-security

From: Jerome Poggi <Jerome.Poggi@×××.fr>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Running app-admin/syslog-ng without rootprivileges
Date: Thu, 17 Nov 2005 13:59:54
Message-Id: 20051117135033.GN26804@efflam.hsc.fr
In Reply to: Re: Re : [gentoo-security] Running app-admin/syslog-ng without rootprivileges by Brad Plant
On Wed, 16 Nov 2005, Brad Plant wrote:
> I ran syslog-ng as a non-root user once before, but now I run it as > root. From what I can remember, syslog-ng opened /proc/kmsg before > dropping privileges, however when you sent the HUP signal (i.e. after > running logrotate) it closed all the files and reopened them again. > Because it no longer had root permissions, it couldn't > reopen /proc/kmsg.
Why did you rotate yourself your log ? You better use MACRO like : destination full { file("/var/log/full/full_$YEAR.$MONTH.$DAY.log" log_fifo_size(1000) dir_perm(0755) create_dirs(yes)); file("/dev/tty12"); }; destination full_net { file("/var/log/net/net_$HOST.$YEAR/$MONTH.$DAY.log" dir_perm(0755) create_dirs(yes)); }; Its better usable :-) -- Jerome POGGI Jerome.Poggi@×××.fr Herve Schauer Consultants -=- Consultant Sécurité Informatique, CISSP http://www.hsc.fr/ Tèl : +33 141 409 700 -- gentoo-security@g.o mailing list