[syslog-ng] chroot or configuration issue when directories get created as 'root'?

Heigl Florian - Munich-MR - external fheigl at munichre.com
Fri Jan 27 17:42:54 CET 2006


Hi list,
 
I'm stumbling over what is hopefully just a configuration issue...
 
syslog-ng 'seems' to drop privileges and run as user syslogng, 
but creates new directories as root and will fail to write new 
logfiles inside them. I'm afraid this is related to still having port
514 open...
Funny thing: The files in those directories will use the specified
permissions :)
 
I was starting syslog-ng with the following parameters:
/opt/syslog-ng/sbin/syslog-ng --pidfile=/var/run/syslog-ng.pid \
        --chroot=/var/opt/syslog-ng \
        --user=syslogng --group=syslogng
 
# Log file
options { sync (0);
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (on);
          use_dns (yes);
          use_fqdn (yes);
          create_dirs (yes);
# leave this to 'no', see
# http://www.campin.net/syslog-ng/faq.html#bad_filenames
          keep_hostname (no);
        };
# Source - only listen on UDP, don't read /dev/log
 source s_udp {  udp(); };

# [ I cut filters section out ]
 
# testing external input now
destination logip {
        file("/logs/remote/$HOST_FROM/$YEAR$MONTH/$FACILITY$YEAR$MONTH$DAY"
        owner(syslogng) group(syslogng) perm(0600) dir_perm(0700) create_dirs(yes)
        template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE\n")
 );
};
 
log {
        source(s_udp);
        destination(logip);
};

# EOF
 
Currently I'm running it as root and am thinking about using a port forward
514->10514 so I don't require any root privileges.
Alternatively I could try out Balabit's restrict, which seems to be better at
dropping root privileges, but unfortunately I have no clue how it works, and
am not sure if it will work on HP-UX :)
 
Can You try to make me understand where the problem is hiding?
Configuration? Port Number? Bug? User?
 
Thanks a lot for Your time!
 
Florian
 
--
I'll save You the signature :)
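
A check for the symptom described in this post, added here as an example and not part of the original message: it lists directories under the log tree whose owner, group or mode differ from the `owner(syslogng) group(syslogng) dir_perm(0700)` settings in the config. The function name `audit_log_dirs` and the host-side path in the usage comment (the chroot plus the `/logs/remote` prefix) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: audit_log_dirs,
# and the host-side path in the usage comment below.
#
# audit_log_dirs ROOT OWNER GROUP MODE
#   Prints each directory under ROOT whose owner, group or exact permission
#   bits differ from the expected values.
#   Returns 0 if all match, 1 if any differ, 2 if ROOT is not a directory.
audit_log_dirs() {
    root=$1 owner=$2 group=$3 mode=$4
    if [ ! -d "$root" ]; then
        echo "audit_log_dirs: $root is not a directory" >&2
        return 2
    fi
    # -perm MODE (no leading - or /) matches the permission bits exactly.
    bad=$(find "$root" -type d \
        \( ! -user "$owner" -o ! -group "$group" -o ! -perm "$mode" \) -print)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Usage on the host, outside the chroot. The config writes to /logs/remote
# inside --chroot=/var/opt/syslog-ng, so the tree is assumed to live at:
#   audit_log_dirs /var/opt/syslog-ng/logs/remote syslogng syslogng 700
if [ "$#" -eq 4 ]; then
    audit_log_dirs "$@"
fi
```

A directory reported here that is owned by root with mode 0700 cannot be written by the syslogng user, which matches the failure described above.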