[prev in list] [next in list] [prev in thread] [next in thread]
List: syslog-ng
Subject: Re: [syslog-ng] Unable to run syslog-ng 3.0.4 as non-root on
From: Balazs Scheidler <bazsi () balabit ! hu>
Date: 2009-08-18 18:00:32
Message-ID: 1250618432.7359.6.camel () bzorp ! balabit
[Download RAW message or body]
On Mon, 2009-08-17 at 12:05 +0200, SZALAY Attila wrote:
> Hi All!
>
> On Fri, 2009-08-14 at 09:20 -0400, Jeffrey Psolla wrote:
> >
> > Yesterday I upgraded syslog-ng on our central log server from 2.0.5
> > to 3.0.4 . The OS is solaris 10. Prior to the upgrade I was able to
> > run syslog-ng as a non-root user with the following command:
>
> syslog-ng versions before 3.0 open the source files before the uid
> changes. But that would cause problem when syslog-ng reloading, because
> that time the root privileges has been already dropped, so syslog-ng
> cannot reopen the files.
Just to clarify, but Sasa is right here: syslog-ng 2.1 and before
initialized the configuration right _before_ changing the user/group
setting. However this means that whenever you reload the configuration
with a SIGHUP, you'll get a problem and you can only restart syslog-ng.
Thus, syslog-ng 3.0 changed this, we change user/group setting _before_
initializing the configuration file.
However I see no easy way out, unless you also sacrifice configuration
reloads. I might add a --delay-setuid command line option, if you are
willing to sacrifice reloads. Are you?
>
> Because of this Bazsi changed the order. So you have no mysteries error
> when reloading syslog-ng but a clear message at starting time.
>
> The problematic file is the door file which stay in the /etc directory
> where non-root programs cannot write (create and/or delete files).
>
> So I think that it's not possible to run syslog-ng as non-root user on
> Solaris now.
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
--
Bazsi
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic