[syslog-ng] non-root and chroot
Balazs Scheidler
bazsi@balabit.hu
Wed, 19 Apr 2000 19:14:34 +0200
Hi,
Nice to see you here :)
> Is there any work in allowing syslog-ng to:
>
> a) change its uid and gids to non-root after it has started and opened the
> appropriate inputs.
It's possible, and really easy to implement, but may cause problems when
syslog-ng is restarted.
> b) chroot itself after it has started and opened the appropriate inputs.
Again may cause problems upon restart, because the path of the config file
is changed as well.
> (a) is simple to implement. (b) requires a little more thought. e.g.
> it should be smart enough to know that if a destination file is under
> /var/log/logfiles/$DAY if it chroots to /var/log it should try to open
> /logfiles/$DAY and not /var/log/logfiles/$DAY.
I think if you request a chroot() in the configuration file, the logfile
paths will be relative to that root (they are opened after the jail has
been established), e.g.:

    options { chroot("/jails/syslog"); };
    destination all { file("/log/messages"); };

Hmm... I see another problem, /dev/log should be opened before chroot, files
should be opened after chroot. Currently configuration reading takes two
steps: 1) read and syntactically check, 2) initialize (open files, pipes,
sockets etc.)
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
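
The ordering discussed in this message, as an added example (not part of the original post and not syslog-ng code): `enter_jail` is meant to run after inputs outside the jail such as /dev/log are open and before destination files are opened, and `jail_relative` does the path mapping from the quoted question. Both function names are hypothetical.

```c
#define _DEFAULT_SOURCE 1   /* for chroot() and setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if any component of p is "..". */
static int has_dotdot(const char *p)
{
    for (const char *s = strstr(p, "/.."); s; s = strstr(s + 1, "/.."))
        if (s[3] == '/' || s[3] == '\0') return 1;
    return 0;
}

/* Map an absolute host path to its name inside the jail; -1 if it is
 * outside the jail, contains "..", or does not fit in out. */
int jail_relative(const char *jail, const char *path, char *out, size_t outlen)
{
    if (jail[0] != '/' || path[0] != '/' || has_dotdot(path)) return -1;
    size_t n = strlen(jail);
    while (n > 1 && jail[n - 1] == '/') n--;      /* ignore trailing '/' */
    if (n == 1) n = 0;                            /* jail "/": strip nothing */
    if (strncmp(path, jail, n) != 0) return -1;
    if (path[n] != '/' && path[n] != '\0') return -1; /* /var/log is not /var/logfiles */
    const char *rel = path[n] ? path + n : "/";
    if (strlen(rel) >= outlen) return -1;
    strcpy(out, rel);
    return 0;
}

/* Call after inputs outside the jail (e.g. /dev/log) are open and before
 * destination files are opened. Returns 0 on success, -1 on any failure. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;
    if (setgroups(1, &gid) != 0) return -1;       /* drop supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1; /* gid before uid */
    if (uid != 0 && setuid(0) == 0) return -1;    /* root must not be regainable */
    return 0;
}

int main(void)
{
    char rel[256];
    /* Constructed sample: the paths from the quoted question. */
    if (jail_relative("/var/log", "/var/log/logfiles/$DAY", rel, sizeof rel) == 0)
        printf("open inside jail as: %s\n", rel);
    return 0;
}
```

The path mapping is a string translation only and does not resolve symlinks; a caller that gets -1 from `enter_jail` should exit rather than continue with partial privileges.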