Andrew Fort on Tue, Nov 14, 2000 at 11:21:07PM +1000: Hi,
I may add a chmod() call to enforce perm bits. What do others think?
Perhaps a "override_umask()" boolean option (global or per destination), with the local overriding the global (so you can change the default to not interact with the umask).
I don't think it needs to be THAT configurable. To make it secure by default and still functional, I would: - set initial umask to 077 at startup (secure by default); - call open() without mode arguments; - if there are any perm directives for that destination, call fchmod() to apply the permissions the user is asking for; This way, everything is created 0600 syslog-ng user:group by default, and if anybody thinks this should be less restrictive, they have the power to do so by adding (dir_)perm directives. Rgrds, Gregor. -- Gregor Binder <gbinder@sysfive.com> http://www.sysfive.com/~gbinder/ sysfive.com GmbH UNIX. Networking. Security. Applications. Gaertnerstrasse 125b, 20253 Hamburg, Germany TEL +49-40-63647482