whatever. I still
might want to create output files with permissions appropriate to archive files or make them available for other legitimate users.
I may add a chmod() call to enforce perm bits. What do others think?
Perhaps a "override_umask()" boolean option (global or per destination), with the local overriding the global (so you can change the default to not interact with the umask). Of course, this requires the most code :) -- afort
Andrew Fort on Tue, Nov 14, 2000 at 11:21:07PM +1000: Hi,
I may add a chmod() call to enforce perm bits. What do others think?
Perhaps a "override_umask()" boolean option (global or per destination), with the local overriding the global (so you can change the default to not interact with the umask).
I don't think it needs to be THAT configurable. To make it secure by default and still functional, I would: - set initial umask to 077 at startup (secure by default); - call open() without mode arguments; - if there are any perm directives for that destination, call fchmod() to apply the permissions the user is asking for; This way, everything is created 0600 syslog-ng user:group by default, and if anybody thinks this should be less restrictive, they have the power to do so by adding (dir_)perm directives. Rgrds, Gregor. -- Gregor Binder <gbinder@sysfive.com> http://www.sysfive.com/~gbinder/ sysfive.com GmbH UNIX. Networking. Security. Applications. Gaertnerstrasse 125b, 20253 Hamburg, Germany TEL +49-40-63647482
participants (2)
-
Andrew Fort
-
Gregor Binder