Hello Marco,
I tested the settings with docker, and the following configuration worked for me.
Created a test user/group on my host machine:
$ useradd -M -u 1500 marco
Started a docker container:
$ docker run -it --network=host -v /tmp/marco:/tmp/marco balabit/syslog-ng-xenial bash
Configuration:
"/tmp/marco/marco_in.txt"
"/tmp/marco/marco_out.txt"
Running syslog-ng:
root@tp:/tmp/marco# syslog-ng -Fdev -f marco.conf
ls -hal on the host machine:
--w------- 1 marco marco 32 márc 2 13:15 marco_out.txt
Output on the host:
cat: marco_out.txt: Permission denied
Mar 2 12:15:01 tp Hello World!
Note:
I used the UID and the GID in the syslog-ng configuration file since there is no such user/group inside my
docker container. I also tested a scenario where I use the username/groupname of the external user, but
of course in this case I have to create them with the same ID inside my container. (If I remember correctly
docker provides some basic mapping between external/internal users, but I am not sure about it.)
Br,
Laci
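
A sketch of a syslog-ng configuration that sets numeric ownership on a file destination, as described in the note above. This is an added example, not the configuration from the original message: the statement names s_in and d_out, the GID value 1500, flags(no-parse), and perm(0200) (inferred from the --w------- listing) are assumptions.

```conf
# Added example; not the configuration used in the message above.
# Put an @version line matching the output of `syslog-ng --version` at the top.

source s_in {
    # Read plain lines from the bind-mounted input file (path from the message).
    file("/tmp/marco/marco_in.txt" flags(no-parse));
};

destination d_out {
    file("/tmp/marco/marco_out.txt"
        # Numeric IDs: the container's /etc/passwd and /etc/group have no
        # "marco" entry, so a name could not be resolved there.
        owner(1500)    # UID given to useradd on the host
        group(1500)    # assumption: the host group "marco" has GID 1500
        perm(0200)     # owner write-only, matching the --w------- listing
    );
};

log { source(s_in); destination(d_out); };
```

Ownership on the bind mount is stored as numeric IDs, so the host shows the file as marco:marco even though the container has no such account.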