[syslog-ng] syslog-ng.conf : option group(<gid>);
does not work ( stable version )
catenate
infosec at gmail.com
Thu Oct 27 18:10:54 CEST 2005
On 10/26/05, Yan M. <yannnick_m at yahoo.com> wrote:
>
> Hi,
> in syslog-ng.conf man page it is said that the option group(gid); is used
> to set group on created logfiles. Im trying to use that and it does not
> work
> it is setting the group, not to the group I specify in that group()
> directive, but to
> the group syslog-ng runs as.
> Also, the man page specifies you have to enter the gid in the group()
> option
> but the syslog-ng daemon wont start when the gid is specified in its
> numeral form.
> It should be group(groupname); instead of group(gid); in the man page.
> Does the chgrp works only when syslog-ng is running as root ? If so, it
> is not
> a documented feature ..
>
I suppose it's not documented because it's a standard UNIX security measure
to not allow non-root users to create files belonging to other users. This
would allow users to get around quotas and do other nefarious things.
I do agree that if it's not in the docs, that this should be added. To work
around it you'll need to either run syslog-ng as root and assign file
ownership to another user (less desirable) or create it with explicit file
permissions that allow the users/groups that you desire to see it (more
desirable).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20051027/847da6cb/attachment.html
More information about the syslog-ng
mailing list