[syslog-ng] Directory/file create ownership

Marco Mignone info at marcomignone.com
Wed Mar 7 12:21:29 UTC 2018


Hey Laci,
That's a brilliant and amazing response!
Thanks for all the insight, it will save me from a lot of work and confusion I was having with some docker concepts.

Thanks a lot again!

Marco

> On 5 Mar 2018, at 19:11, Szemere, László <laszlo.szemere at balabit.com> wrote:
> 
> Hello Marco,
>  please find my answers inline
> 
> Br,
> Laci
> 
> 
> On Sun, Mar 4, 2018 at 4:56 PM, Marco Mignone <info at marcomignone.com> wrote:
> Hi Laci,
> Thanks for this.
> I will have a play at this and I probably need to study a bit more of Docker as my confusion probably derives from the fact of using docker-compose to start all services instead of 'docker run' when one can specify also the user you want the container to start with.
> From what I have found, while the command line interface does not support the user parameter, the compose files do. Not so flexible, but fair enough.
>  
> 
> The one thing I don't understand is why you can't access the file on the host machine (unless using sudo) if the user on the host and inside the container are the same?
> That was just a small trick to demonstrate that access rights are in place. I forgot to copy the whole command prompt, but on my personal computer I am using the username szemere. So with the permission 0200 (seen by ls -hal) even I was unable to access the files belonging to the user marco (id: 1500).
>  
> 
> That is basically what I am trying to achieve, the output folder and files to have the ownership of an existing user / group on the host machine so that they are accessible by that user without having to sudo. I wonder if that is what you meant at the end talking about the external user in the 'note:' section of your reply?
> You are right. By external user I meant the user on the host machine. However my note was about how to address them.
> The problem: Since your "external" users do not exist (by default) inside the container, you cannot use their name to "address" them. (You most probably got a "no such user" error.)
> 
> The most common solutions to this problem are:
> A) Select users/groups by their ID. (See in the syslog-ng's configuration in the example.)
> B) First create the users/groups inside the container with a matching ID. After that you can use the "names" in the syslog-ng's configuration.
> C) Bind mount the /etc/passwd file. (Has some other implications, read carefully, test with virtual machines before using it.)
> 
> 
> 
> Thanks for your help and reply, that's already a good starting point for me to try again.
> 
> Regards,
> Marco
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> 
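
Added example, not part of the original thread: a pre-flight check for options A-C above that decides whether a user name is safe to put in syslog-ng's owner() or whether the numeric ID should be used instead. The helper names (uid_of, owner_for_container) are hypothetical and the passwd contents are constructed sample data; only the user marco with ID 1500 comes from the thread.

```shell
#!/bin/sh
# File ownership is stored as a numeric ID; a name is only a lookup in
# whichever /etc/passwd the process sees. All passwd data below is constructed.

# uid_of NAME PASSWD_FILE -> prints the UID for NAME, fails if NAME is absent
uid_of() {
    awk -F: -v n="$1" \
        '$1 == n { print $3; found = 1; exit } END { exit !found }' "$2"
}

# owner_for_container NAME HOST_PASSWD CONTAINER_PASSWD
# Prints NAME only when the container resolves it to the same UID as the host
# (option B or C done correctly); otherwise prints the host's numeric UID
# (option A). Returns 1 when the host itself does not know NAME.
owner_for_container() {
    host_uid=$(uid_of "$1" "$2") || {
        echo "no such user on host: $1" >&2
        return 1
    }
    if ctr_uid=$(uid_of "$1" "$3") && [ "$ctr_uid" = "$host_uid" ]; then
        echo "$1"          # name and ID agree inside the container
    else
        echo "$host_uid"   # name missing or mapped to another UID: use the ID
    fi
}

# Constructed sample data: one host passwd and three container variants.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
root='root:x:0:0:root:/root:/bin/sh'
printf '%s\nmarco:x:1500:1500::/home/marco:/bin/sh\n' "$root" > "$tmp/host"
printf '%s\n' "$root" > "$tmp/ctr_plain"        # user not created
printf '%s\nmarco:x:1500:1500::/home/marco:/bin/sh\n' "$root" > "$tmp/ctr_matching"
printf '%s\nmarco:x:1000:1000::/home/marco:/bin/sh\n' "$root" > "$tmp/ctr_mismatch"

for c in ctr_plain ctr_matching ctr_mismatch; do
    printf '%-13s owner(%s)\n' "$c" \
        "$(owner_for_container marco "$tmp/host" "$tmp/$c")"
done
```

The ctr_mismatch case is the one to watch for: the name resolves without any "no such user" error, but the files would land under a different numeric ID on the host.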
