[syslog-ng] umask settings?
Gregor Binder
gbinder@sysfive.com
Tue, 14 Nov 2000 15:21:47 +0100
Andrew Fort on Tue, Nov 14, 2000 at 11:21:07PM +1000:
Hi,
> > I may add a chmod() call to enforce perm bits. What do others think?
>
> Perhaps a "override_umask()" boolean option (global or per destination),
> with the local overriding the global (so you can change the default to not
> interact with the umask).
I don't think it needs to be THAT configurable. To make it secure by
default and still functional, I would:

 - set initial umask to 077 at startup (secure by default);
 - call open() without mode arguments;
 - if there are any perm directives for that destination, call
   fchmod() to apply the permissions the user is asking for;

This way, everything is created 0600 syslog-ng user:group by default,
and if anybody thinks this should be less restrictive, they have the
power to do so by adding (dir_)perm directives.
Rgrds,
Gregor.
-- 
Gregor Binder <gbinder@sysfive.com> http://www.sysfive.com/~gbinder/
sysfive.com GmbH UNIX. Networking. Security. Applications.
Gaertnerstrasse 125b, 20253 Hamburg, Germany TEL +49-40-63647482
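
The scheme proposed in the message above, as an added example that is not part of the original post and is not syslog-ng's code: it shows that the umask only limits the mode passed to open(), while fchmod() sets the requested bits exactly. `open_dest`, `resulting_mode` and `PERM_UNSET` are hypothetical names, the scratch path is constructed, and because open() with O_CREAT takes a mode argument the example passes 0666 and lets the umask reduce it to 0600.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define PERM_UNSET (-1) /* hypothetical marker: no perm directive configured */

/* Open a log destination. The 0666 passed to open() is cut to 0600 by the
 * startup umask; fchmod() ignores the umask, so a configured perm is applied
 * exactly as written. Returns the fd, or -1 on error. */
static int open_dest(const char *path, int perm)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0666);
    if (fd < 0)
        return -1;
    if (perm != PERM_UNSET && fchmod(fd, (mode_t)perm) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Create a file in a scratch directory (constructed path) and return the
 * permission bits it ends up with, or -1 on error. */
static int resulting_mode(int perm)
{
    char dir[] = "/tmp/umaskdemoXXXXXX", path[64];
    struct stat st;
    int fd, mode = -1;
    umask(077);                      /* the "at startup" step */
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/messages", dir);
    if ((fd = open_dest(path, perm)) >= 0) {
        if (fstat(fd, &st) == 0)
            mode = (int)(st.st_mode & 07777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("no perm directive: %04o\n", (unsigned)resulting_mode(PERM_UNSET));
    printf("perm 0640:         %04o\n", (unsigned)resulting_mode(0640));
    return 0;
}
```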