On Fri, Feb 09, 2018 at 08:08:02PM +0000, Robin Blanchard wrote:
If ZFS, is ZFS aclinherit / aclmode biting you?
Yes, ZFS, but I hope not - I shouldn't have any funky aclfoo around
$ ls -V /path/to/problem
logreader$ ls -Vd /logreader/ingest/2018/02
drwxr-s--- 11 logwriter logreader 11 Feb 9 00:00 /logreader/ingest/2018/02
     owner@:rwxp-DaARWcCos:------:allow
     group@:r-x---a-R-c--s:------:allow
     everyone@:------a-R-c--s:------:allow

sanity test:

# umask 022
# ls -lag /logreader/ingest/2018/02
drwx--S--- 3 logwriter logreader 3 Feb 9 00:00 09
# UID=10020 mkdir /logreader/ingest/2018/02/test
# ls -lag /logreader/ingest/2018/02
drwx--S--- 3 logwriter logreader 3 Feb 9 00:00 09
drwxr-sr-x 2 logwriter logreader 2 Feb 9 20:23 test

- Declan
-----Original Message-----
From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Declan White
Sent: Friday, February 9, 2018 11:01 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Umask funkiness
Already tried directory mode 04750 - no dice. It strips the g+s.
And dir-group ("group") when you aren't a member of that group probably won't fly.
I just need it to not touch stuff. It can only inherit these perms. It can't make them.
On Fri, Feb 09, 2018 at 04:48:01PM +0000, Robin Blanchard wrote:
Why not explicitly manage the perms/ownerships with syslog-ng itself? Eg
owner ("owner"); group ("group"); dir-owner ("owner"); dir-group ("group"); perm (0644); dir-perm (0755);
-----Original Message-----
From: syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Declan White
Sent: Friday, February 9, 2018 10:39 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] Umask funkiness
I have a directory owned by the syslog-ng user. Its group however belongs to a group of which the user is not a member. The directory is g+s, so that all files and dirs made within it inherit the group owner (and the g+s in the case of dirs).
syslog-ng is running with a umask of 022 (interrogated running process to be sure). The file("/dir/${FOO}/${BAR}") destination driver has : create-dirs(yes) perm() dir-owner() dir-group() dir-perm() i.e. "don't change any perms"
The aim of the game is to end up with files and dirs readable, but not writable, by the inherited group owner. I can't get it working. I am always ending up with drwx--S--- dirs and -rw------- files
Solaris. syslog-ng-3.12.1
--
Declan White
______________________________________________________________________________
Member info: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balab...
Documentation: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit....
FAQ: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit....
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
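The sanity test from the thread, reproduced as an added Python example (not part of the original messages): umask only clears bits from the mode the creating process passes to mkdir(2)/open(2), so a creator requesting 0700/0600 ends up owner-only under umask 022, while one requesting 0777/0666 ends up group-readable. The requested modes and the temporary paths are assumptions for illustration; the thread does not establish which modes syslog-ng itself passes.

```python
import os
import stat
import tempfile


def create_under_setgid(dir_mode, file_mode, umask=0o022):
    """Create a dir and a file below a g+s parent with the given requested
    modes, as mkdir(2)/open(2) callers do, and report what the kernel stored."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as top:
            # Constructed stand-in for /logreader/ingest/2018/02 (drwxr-s---).
            parent = os.path.join(top, "02")
            os.mkdir(parent)
            os.chmod(parent, 0o2750)

            sub = os.path.join(parent, "09")
            os.mkdir(sub, dir_mode)          # stored mode = dir_mode & ~umask
            path = os.path.join(sub, "messages.log")
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, file_mode)
            os.close(fd)

            d, f = os.stat(sub).st_mode, os.stat(path).st_mode
            return {
                # ls-style strings; the S/s on the dir is inherited from the
                # parent where the platform and filesystem support that.
                "dir": stat.filemode(d), "file": stat.filemode(f),
                # Permission bits only, independent of setgid inheritance.
                "dir_bits": d & 0o777, "file_bits": f & 0o777,
            }
    finally:
        os.umask(old)


if __name__ == "__main__":
    # Assumed request modes: owner-only versus "let umask decide".
    for label, dm, fm in (("0700/0600", 0o700, 0o600), ("0777/0666", 0o777, 0o666)):
        r = create_under_setgid(dm, fm)
        print(f"requested {label}: {r['dir']} {r['file']}")
```

A umask of 022 can never add the group read bit back; it has to be present in the mode requested at creation time or applied afterwards with chmod.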