Hi, I'm currently trying to get syslog-ng running as a non-privileged user. What I've done so far is as follows: * create a sysng user and group * stopped syslog from running * modified /etc/sysconfig/syslog-ng and set SYSLOGNG_OPTIONS to SYSLOGNG_OPTIONS="-p /var/run/syslogd.pid -u sysng -g sysng" * Added the following to my config file: owner(sysng); group(sysng); perm(0600); # default owner, group, and permissions for created directories # (defaults are 0, 0, 0700) dir_owner(sysng); dir_group(sysng); dir_perm(0700); * Fixed permissions under /var/log as follows: chgrp -R sysng /var/log chmod -R g+wx /var/log * However, my primary problem is reading from /proc/kmsg. It seems that when syslog-ng initially starts, it can open /proc/kmsg before it drops privileges to sysng. Strace shows that it did: 17692 open("/proc/kmsg", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_LARGEFILE) = 3 However, I then find the following in my /var/log/messages file: Nov 28 10:42:37 localhost syslog-ng[18356]: I/O error occurred while reading; fd='3', error='Operation not permitted (1)' So it looks like it can't read from /proc/kmsg. Has anyone gotten this working? I found several related emails but without a resolution to this issue including: * https://lists.balabit.hu/pipermail/syslog-ng/2007-January/009684.html * https://lists.balabit.hu/pipermail/syslog-ng/2007-October/010804.html One possible solution that I'm currently thinking of is to use klogd instead of reading from /proc/kmsg. Any input? Thanks for your help. -- Mathew Brown mathewbrown@fastmail.fm -- http://www.fastmail.fm - One of many happy users: http://www.fastmail.fm/docs/quotes.html