Why syslog-ng'config permission change ?
Hi,
I installed syslog-ng. At that time, syslog-ng.conf's permission was 644.
I let A user (not root) to update syslog-ng.conf, so I changed permission to 666.
But I reboot the Server, then syslog-ng.conf's permission returned 644.
Why ?
Thanks hiro

Do you have security enhanced linux enabled (SELinux)? That will reset permission on a reboot.

Evan.

Hi,

I confirmed selinux config to use getenforce command. Command returned "Disabled"

/etc/sysconfig/selinux

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #   enforcing - SELinux security policy is enforced.
    #   permissive - SELinux prints warnings instead of enforcing.
    #   disabled - SELinux is fully disabled.
    SELINUX=disabled
    #SELINUX=enforcing
    # SELINUXTYPE= type of policy in use. Possible values are:
    #   targeted - Only targeted network daemons are protected.
    #   strict - Full SELinux protection.
    SELINUXTYPE=targeted

Thanks
hiro

It could be something using mtree(1). BTW, you want 664, not 666.

~BAS

On Tue, 2007-12-25 at 15:55 +0900, hi ro wrote:
> Hi,
> I confirmed selinux config to use getenforce command. Command returned "Disabled"

On Mon, 24 Dec 2007 22:45:08 PST, Evan Rempel said:
> Do you have security enhanced linux enabled (SELinux)? That will reset permission on a reboot.

No, SELinux will *not* do that. It does *not* reset permissions, ever. What it *will* do is fail an access if the security attributes aren't set correctly. So you'll try to open a file and get -EPERM.

Please note that setting the syslog-ng.conf file to mode 666 basically gives all users an instant rootshell. Consider the following:

1) User puts "destination (file "/etc/passwd");" in the file.
2) User then uses 'logger "\nmyroot::0:0:::::/bin/bash", or similar.

User now has a myroot userid with no password.

Have a nice day. ;)
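
Added example, not part of any post in this thread: a POSIX shell check for the condition discussed above, where the configuration of a daemon that runs as root can be changed by accounts that should not control it. The function names `has_perm` and `audit_conf`, the exit codes and the optional owner argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: audit who can modify the configuration
# of a daemon that runs as root. Names and exit codes are assumptions.
#
# audit_conf FILE [OWNER]    OWNER (name or numeric uid) defaults to root
#   returns 0 = no finding, 1 = at least one finding, 2 = file missing

# has_perm PATH MODE: true when every bit of MODE is set on PATH.
# find -perm is used because stat(1) format flags differ between GNU and BSD.
has_perm() {
    [ -n "$(find -L "$1" -maxdepth 0 -perm "-$2")" ]
}

audit_conf() {
    conf=$1
    owner=${2:-root}
    rc=0

    [ -f "$conf" ] || { echo "MISSING $conf"; return 2; }
    dir=$(dirname "$conf")

    # Mode 666: every local account can rewrite the daemon's destinations.
    if has_perm "$conf" 0002; then
        echo "FAIL    $conf is world-writable"; rc=1
    fi

    # A world-writable directory without the sticky bit lets anyone rename
    # the file away and put a new one in its place, whatever the file's mode.
    if has_perm "$dir" 0002 && ! has_perm "$dir" 1000; then
        echo "FAIL    $dir is world-writable without the sticky bit"; rc=1
    fi

    # The owner can always chmod the file, so it must be the expected account.
    if [ -z "$(find -L "$conf" -maxdepth 0 -user "$owner")" ]; then
        echo "FAIL    $conf is not owned by $owner"; rc=1
    fi

    # Mode 664 passes, but every member of the file's group then holds the
    # same control over the daemon, so the membership needs a manual review.
    if has_perm "$conf" 0020; then
        echo "REVIEW  $conf is group-writable; check who is in its group"
    fi

    return $rc
}
```
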

participants (4)
- Brian A. Seklecki
- Evan Rempel
- hi ro
- Valdis.Kletnieks@vt.edu