sysklogd priv separation

Heiko Zuerker heiko at zuerker.org
Sun Jan 23 09:37:49 PST 2005


Robert Connolly wrote:

>Hello. I want some options about something. With sysklogd's privilege 
>separation patches... when the server is started the files are opened as 
>root, if the daemon gets a SIGHUP (reload) then the syslog user will reopen 
>the files. So unless the syslog user has write permission to the logs we 
>can't reload syslogd. At first I thought this was fine, just use restart 
>instead. But now I don't think there's a security problem with letting the 
>syslog user own the logs. Under normal circumstances that user can write to 
>the logs anyway.
>
>So, would it be alright if the syslog user has write permission to the logs so 
>SIGHUP can work properly? If so, should it be:
>
>chown syslog /var/log
>or
>chgrp syslog /var/log && chmod g+w /var/log
>
>It needs write permission to the whole directory because it will compress logs 
>when they're rotated, creating new files. Either of these will let the syslog 
>user do anything it wants with the logs, unless something is read-only by 
>root. We can adjust the file creation mode by syslogd too.

I would go a little further and would start playing around with 
'chattr', i.e. so the user can only append to the logfile, not delete it 
and so on.
Of course logrotate must then run as root and take care of the special 
attributes.

-- 

Regards
  Heiko Zuerker
  http://www.devil-linux.org
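
The append-only arrangement suggested in the reply above, as an added example that is not part of the original message: a rotation helper meant to run as root that clears the `a` attribute, rotates and compresses the log, recreates it, and sets the attribute again. The function name, the `CHATTR` override variable, the `.1.gz` naming and the 0640 mode are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rotate a log file that is kept append-only with chattr(1).
# In real use this runs as root, since only root may change the 'a' attribute.
# CHATTR may be overridden for a dry run (assumption of this example).
CHATTR=${CHATTR:-chattr}

# rotate_append_only LOGFILE [OWNER[:GROUP]]
rotate_append_only() {
    log=$1
    owner=${2:-}
    [ -f "$log" ] || { echo "no such log: $log" >&2; return 1; }

    # An append-only file cannot be renamed or unlinked, so clear the flag first.
    $CHATTR -a "$log" || return 1

    # Move the current log aside and compress it.
    mv "$log" "$log.1" || return 1
    gzip -f "$log.1" || return 1

    # Recreate an empty log; the tight umask avoids a window with wide permissions.
    ( umask 077 && : > "$log" ) || return 1
    chmod 0640 "$log" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$log" || return 1
    fi

    # Set append-only again before the daemon is told to reopen its files,
    # so the unprivileged syslog user can add lines but not truncate or delete.
    $CHATTR +a "$log" || return 1
}

# Stand-alone use: ./rotate.sh /var/log/messages syslog
if [ "$#" -gt 0 ]; then
    rotate_append_only "$@"
fi
```

After a rotation, syslogd still needs its SIGHUP so that it reopens the new file; `lsattr` on the log shows whether the `a` flag is in place.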



