On Mon, Oct 17, 2005 at 11:19:58AM -0400, Carson Gaspar wrote:
--On Monday, October 17, 2005 01:06:34 PM +0200 Balazs Scheidler <bazsi@balabit.hu> wrote:
I'm wondering what the best solution would be. My idea is to completely refuse changing permissions if the filename begins with /dev (and don't issue a log message), is that reasonable?
Personally, I lean toward "You told me to do something stupid, and I'm doing it" (i.e. set the permissions as asked).
If you are going to hack around operator error, please don't check the pathname. Check if the file is a device special file (you may want to include FIFOs).
Checking for the type of device is a good idea, permissions on devices are usually set at installation time or otherwise by the admin, and it is a big surprise when they get changed. But let's go one level deeper - why are the "operators" configuring syslog-ng.conf to write to /dev/null in the first place and thus making this error? It's because the sysadmins want to discard certain log entries. Why not facilitate that by making a special "discard" destination? Surely that has to more efficient than opening up /dev/null, possibly changing its permissions, and then writing data to it on a regular basis just to get thrown away. -- Ed