[syslog-ng] [EXTERNAL] Re: ACLs with syslog-ng

Faine, Mark R. (MSFC-IS40)[NICS] mark.faine at nasa.gov
Wed May 19 12:24:10 UTC 2021 

No, I can try that, but I don't suspect it will help since the ACLs are there when syslog-ng starts.  However, after files are written to or a new file is created, the ACL is lost.

Thanks,
Mark

Mark Faine
System Administrator
SAIC/NICS
215 Wynn Dr. 5065
Huntsville, AL 35805
256-961-1295 (Desk)
256-617-4861 (Work Cell)


-----Original Message-----
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Fabien Wernli
Sent: Wednesday, May 19, 2021 01:17
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: [EXTERNAL] Re: [syslog-ng] ACLs with syslog-ng

Hi Mark,

On Tue, May 18, 2021 at 04:57:39PM +0000, Faine, Mark R. (MSFC-IS40)[NICS] wrote:
> We have always set permissions on directories that we want the Splunk universal forwarder to be able to read as root:splunk 640, but now security doesn't like this and wants everything under /var/log to always be root:root except for some specific exceptions.  We had tried to solve this with an ACL in the past, however, syslog-ng always seems to clobber the ACL, even when it's the default ACL on the folder.  Is this a known issue, is there a way to get syslog-ng to play nice with ACLs.

Did you consider using `hook-commands()` to set the ACL on startup ?

______________________________________________________________________________
Member info: https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=04%7C01%7Cmark.faine%40nasa.gov%7Cef9bb103cc7e453137e908d91a8ddc41%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637570018858922487%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=WyfPupKtLNddNeF3qywBReok1kp4k3Qi1h3LGGVF3Vk%3D&reserved=0
Documentation: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=04%7C01%7Cmark.faine%40nasa.gov%7Cef9bb103cc7e453137e908d91a8ddc41%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637570018858922487%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=lMntcFm7v0FTvpDDNJ0u3ZKtGL1t%2Fe%2FxN0fhUiPc6EI%3D&reserved=0
FAQ: https://gcc02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=04%7C01%7Cmark.faine%40nasa.gov%7Cef9bb103cc7e453137e908d91a8ddc41%7C7005d45845be48ae8140d43da96dd17b%7C0%7C0%7C637570018858922487%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=EwXDMY0f47LrThFh8cj7kEhC6CsX1FFhS3xpqUl%2F%2BxQ%3D&reserved=0

More information about the syslog-ng mailing list