[syslog-ng] messed up permissions on /dev/null destination
on solaris
Ed Ravin
eravin at panix.com
Mon Oct 17 17:57:37 CEST 2005
On Mon, Oct 17, 2005 at 11:19:58AM -0400, Carson Gaspar wrote:
> --On Monday, October 17, 2005 01:06:34 PM +0200 Balazs Scheidler
> <bazsi at balabit.hu> wrote:
>
> >I'm wondering what the best solution would be. My idea is to completely
> >refuse changing permissions if the filename begins with /dev (and don't
> >issue a log message), is that reasonable?
>
> Personally, I lean toward "You told me to do something stupid, and I'm
> doing it" (i.e. set the permissions as asked).
>
> If you are going to hack around operator error, please don't check the
> pathname. Check if the file is a device special file (you may want to
> include FIFOs).
Checking for the type of device is a good idea, permissions on devices
are usually set at installation time or otherwise by the admin, and it
is a big surprise when they get changed.
But let's go one level deeper - why are the "operators" configuring
syslog-ng.conf to write to /dev/null in the first place and thus
making this error? It's because the sysadmins want to discard
certain log entries. Why not facilitate that by making a special
"discard" destination? Surely that has to more efficient than
opening up /dev/null, possibly changing its permissions, and then writing
data to it on a regular basis just to get thrown away.
-- Ed
More information about the syslog-ng
mailing list