Hi Bazsi,

As there are two alternatives for running syslog-ng as non-root, I would not like to add this hack to syslog-ng: 1) run klogd, just as before 2) run syslog-ng 3.0, which manages its own capabilities, with CAP_SYS_ADMIN present in the cap-set /proc/kmsg can be read.

Both alternatives are not (yet) available in some Linux standard distributions (namely Debian and Ubuntu). This is not your problem, sure, just to explain the practical relevance of the workaround: 1) Before implementing my dd workaround I had already tried the klogd solution which I think would be the cleanest solution. On Debian/Ubuntu, however, syslog-ng and klogd are conflicting packages and cannot be installed alongside each other. Even worse: klogd depends on sysklogd which naturally conflicts with syslog-ng. So currently there is no way to get both installed without cleaning up this dependency mess (which probably won't be so easy). 2) As you mention yourself: maintaining CAP_SYS_ADMIN privilege is contrary to most of the rationale for dropping root privilege in the first place. It provides very powerful privileges to syslog_ng just to access /proc/kmsg which may not be acceptable to everybody. Apart from that V3.0 is not (yet) available for Ubuntu/Debian. Florian