On Mon, 2009-08-17 at 12:05 +0200, SZALAY Attila wrote:
Hi All!
On Fri, 2009-08-14 at 09:20 -0400, Jeffrey Psolla wrote:
Yesterday I upgraded syslog-ng on our central log server from 2.0.5 to 3.0.4 . The OS is solaris 10. Prior to the upgrade I was able to run syslog-ng as a non-root user with the following command:
syslog-ng versions before 3.0 open the source files before the uid changes. But that would cause problem when syslog-ng reloading, because that time the root privileges has been already dropped, so syslog-ng cannot reopen the files.
Just to clarify, but Sasa is right here: syslog-ng 2.1 and before initialized the configuration right _before_ changing the user/group setting. However this means that whenever you reload the configuration with a SIGHUP, you'll get a problem and you can only restart syslog-ng. Thus, syslog-ng 3.0 changed this, we change user/group setting _before_ initializing the configuration file. However I see no easy way out, unless you also sacrifice configuration reloads. I might add a --delay-setuid command line option, if you are willing to sacrifice reloads. Are you?
Because of this Bazsi changed the order. So you have no mysteries error when reloading syslog-ng but a clear message at starting time.
The problematic file is the door file which stay in the /etc directory where non-root programs cannot write (create and/or delete files).
So I think that it's not possible to run syslog-ng as non-root user on Solaris now.
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-- Bazsi