[syslog-ng] Umask funkiness

Declan White declanw at is.bbc.co.uk
Fri Feb 9 20:40:47 UTC 2018 

On Fri, Feb 09, 2018 at 08:08:02PM +0000, Robin Blanchard wrote:
> If ZFS, is ZFS aclinherit / alcmode biting you?

Yes, ZFS, but I hope not - I shouldn't have any funky aclfoo around
 
> $ ls -V /path/to/problem

logreader$ ls -Vd /logreader/ingest/2018/02  
drwxr-s---  11 logwriter  logreader        11 Feb  9 00:00 /logreader/ingest/2018/02
            owner@:rwxp-DaARWcCos:------:allow
            group@:r-x---a-R-c--s:------:allow
         everyone@:------a-R-c--s:------:allow

sanity test:

# umask
022
# ls -lag /logreader/ingest/2018/02                         
drwx--S---   3 logwriter  logreader          3 Feb  9 00:00 09  
# UID=10020 mkdir /logreader/ingest/2018/02/test
# ls -lag /logreader/ingest/2018/02               
drwx--S---   3 logwriter  logreader          3 Feb  9 00:00 09
drwxr-sr-x   2 logwriter  logreader          2 Feb  9 20:23 test

- Declan
 
> -----Original Message-----
> From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Declan White
> Sent: Friday, February 9, 2018 11:01 AM
> To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
> Subject: Re: [syslog-ng] Umask funkiness
> 
> Already tried directory mode 04750 - no dice. It strips the g+s.
> 
> And dir-group ("group") when you aren't a member of that group probably won't fly.
> 
> I just need it to not touch stuff. It can only inherit these perms. It can't make them.
> 
> On Fri, Feb 09, 2018 at 04:48:01PM +0000, Robin Blanchard wrote:
> > Why not explicitly manage the perms/ownerships with syslog-ng itself? Eg
> > 
> >     owner ("owner");
> >     group ("group");
> >     dir-owner ("owner");
> >     dir-group ("group");
> >     perm (0644);
> >     dir-perm (0755);
> > 
> > -----Original Message-----
> > From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Declan White
> > Sent: Friday, February 9, 2018 10:39 AM
> > To: syslog-ng at lists.balabit.hu
> > Subject: [syslog-ng] Umask funkiness
> > 
> > I have a directory owned by the syslog-ng user. Its group however belongs to a group of which the user is not a member.
> > The directory is g+s, so that all files and dirs made within it inherit the group owner (and the g+s in the case of dirs).
> > 
> > syslog-ng is running with a umask of 022 (interrogated running process to be sure). 
> > The file("/dir/${FOO}/${BAR}") destination driver has :
> >                 create-dirs(yes) 
> >                 perm()
> >                 dir-owner()
> >                 dir-group()
> >                 dir-perm()
> > i.e. "don't change any perms"
> > 
> > The aim of the game is to end up with files and dirs readable, but not writable, by the inherited group owner.
> > I can't get it working. I am always ending up with 
> > drwx--S--- dirs and 
> > -rw------- files
> > 
> > Solaris. syslog-ng-3.12.1
> > 
> > -- 
> > Declan White
> > ______________________________________________________________________________
> > Member info: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Crblanchard%40nephilaadvisors.com%7Cfb444356113d48ac735e08d56fdbaa70%7C514662bec8aa4f2284bdb5261f93c9eb%7C0%7C1%7C636537911611629716&sdata=DMBuLPhJAAJ70VVVk3Ni7qeicyri%2FG8j8VsrbNwqDSA%3D&reserved=0
> > Documentation: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Crblanchard%40nephilaadvisors.com%7Cfb444356113d48ac735e08d56fdbaa70%7C514662bec8aa4f2284bdb5261f93c9eb%7C0%7C1%7C636537911611629716&sdata=p%2FNfPPTDrJFTEuZpuSap8L7vvR7Pk%2BN7ilP58svtR94%3D&reserved=0
> > FAQ: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Crblanchard%40nephilaadvisors.com%7Cfb444356113d48ac735e08d56fdbaa70%7C514662bec8aa4f2284bdb5261f93c9eb%7C0%7C1%7C636537911611629716&sdata=tYkusXSejtf05DpuezwRX1i2KZeRG4Mb1bbkn0yqUbo%3D&reserved=0
> > 
> > ______________________________________________________________________________
> > Member info: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Crblanchard%40nephilaadvisors.com%7Cd3b7d598b7844343e24308d56fdeba4b%7C514662bec8aa4f2284bdb5261f93c9eb%7C0%7C1%7C636537924770796315&sdata=r5%2F%2BXIuQnIXbMJ0FKDho195%2FM7YxQkWhQpzaNkbsBgI%3D&reserved=0
> > Documentation: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Crblanchard%40nephilaadvisors.com%7Cd3b7d598b7844343e24308d56fdeba4b%7C514662bec8aa4f2284bdb5261f93c9eb%7C0%7C1%7C636537924770796315&sdata=GrpKh8WIvKn08fy%2FpOPHf3PC8NZTRug8p8uV3pfu5Ho%3D&reserved=0
> > FAQ: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Crblanchard%40nephilaadvisors.com%7Cd3b7d598b7844343e24308d56fdeba4b%7C514662bec8aa4f2284bdb5261f93c9eb%7C0%7C1%7C636537924770796315&sdata=rrOvzP9cRnZMPZYQ04FfTt6RCQU%2BAGk70crVwEEY%2FgQ%3D&reserved=0
> ______________________________________________________________________________
> Member info: https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7Crblanchard%40nephilaadvisors.com%7Cd3b7d598b7844343e24308d56fdeba4b%7C514662bec8aa4f2284bdb5261f93c9eb%7C0%7C1%7C636537924770796315&sdata=r5%2F%2BXIuQnIXbMJ0FKDho195%2FM7YxQkWhQpzaNkbsBgI%3D&reserved=0
> Documentation: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7Crblanchard%40nephilaadvisors.com%7Cd3b7d598b7844343e24308d56fdeba4b%7C514662bec8aa4f2284bdb5261f93c9eb%7C0%7C1%7C636537924770796315&sdata=GrpKh8WIvKn08fy%2FpOPHf3PC8NZTRug8p8uV3pfu5Ho%3D&reserved=0
> FAQ: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7Crblanchard%40nephilaadvisors.com%7Cd3b7d598b7844343e24308d56fdeba4b%7C514662bec8aa4f2284bdb5261f93c9eb%7C0%7C1%7C636537924770796315&sdata=rrOvzP9cRnZMPZYQ04FfTt6RCQU%2BAGk70crVwEEY%2FgQ%3D&reserved=0
> 
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq

More information about the syslog-ng mailing list