[Bug 484336] Re: /etc/rsyslog.conf permissions incorrect/missing for creation of dynamic files
agent 8131
484336 at bugs.launchpad.net
Thu Dec 22 23:46:57 UTC 2011
I ran into this today. If I understand correctly the privilege drop
happens before the chown though it should be the other way around, the
chown should happen while root and then privileges should be dropped.
And in any case the failure of chown should not prevent the logs from
writing. The solution seems to be that $FileGroup and $PrivDropToGroup
should match. From a security perspective setting $FileGroup to to
syslog is the safest course of action.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/484336
Title:
/etc/rsyslog.conf permissions incorrect/missing for creation of
dynamic files
Status in “rsyslog” package in Ubuntu:
Confirmed
Bug description:
Binary package hint: rsyslog
When using templates to create dynamic directories and files with
rsyslog, rsyslog can create the directories, but does not have the
appropriate permissions to create files within them.
By default, directories created by rsyslog are owned root:root and
generates an error in /var/log/syslog as follows:
rsyslogd: Cout not open dynamic file '...' -
discarding message
Furthermore, adding $DirOwner and $DirGroup to match those of
$FileOwner and $FileGroup, the setting '$PrivDropToGroup syslog'
further prevents rsyslog from creating dynamic files. Setting
'$PrivDropToGroup adm' resolves this issue.
Attached is a patch that corrects these issues.
Rich
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/484336/+subscriptions
More information about the foundations-bugs
mailing list