sysklogd priv separation

Robert Connolly robert at linuxfromscratch.org
Sun Jan 23 12:26:08 PST 2005


On January 23, 2005 02:30 pm, Heiko Zuerker wrote:
> Archaic wrote:
> >On Sun, Jan 23, 2005 at 11:37:49AM -0600, Heiko Zuerker wrote:
> >>Of course logrotate must then run as root and take care of the special
> >>attributes.
> >
> >Which is why it probably shouldn't be chattr'd. Also, chattr doesn't
> >work with all filesystems.

chattr will run even if the filesystem doesn't support it. Whether it works or 
not is another story. The command can still be used by everyone.

> I don't see a problem running logrotate as root, since it is only
> executed 'on demand' by cron.

I think a shell script would be more flexible than a logrotate program.

If we use a shell script to rotate logs we can use something like:

umask 277                          # archive is created with mode 0400
gzip -c kern.log > kern.log.1.gz
chattr -a kern.log                 # drop append-only so the truncate below works
cat /dev/null > kern.log
chattr +a kern.log
exit

This way the permissions and ownership of kern.log don't change. The archive 
logs would be owned and read-only by root. This way syslog would only have 
write permission to the files it needs, and not the whole dir. This is 
vulnerable for the time between the two chattr calls, though; the script might 
crash, leaving the file -a. I wonder if this is better:

umask 277
gzip -c kern.log > kern.log.1.gz
ORIG_OWNER=$(ls -n kern.log | awk '{print $3}')   # numeric uid of the log's owner
chown root kern.log                # syslog can't write while -a is off
chattr -a kern.log
cat /dev/null > kern.log
chattr +a kern.log
chown "$ORIG_OWNER" kern.log       # hand the file back to syslog
exit

Or modify it for group permissions.

This still leaves the klogd problem. If it's in a chroot it will need proc 
mounted in there too, so it's able to reload kernel data. We can't hardlink 
from one filesystem to another. We could chroot klogd to /proc and 
symlink /proc/proc to /proc/.

But, I'm starting to think it's a lot easier just to use restart instead of 
reload for sysklogd. Then we don't have to mess with any of this and the logs 
would be owned only by root.

robert
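The rotation procedure discussed in the post above (gzip the log under a restrictive umask, hand the file to root while the append-only bit is off, truncate, restore +a and the owner), written out as an added example that is not part of the original message or of HLFS. It addresses the crash window the post worries about by registering a trap that puts +a and the original owner back if the script dies between the two chattr calls, and it probes with lsattr whether the filesystem actually honours +a, since chattr's exit status alone does not tell you. Assumptions: GNU coreutils, e2fsprogs (chattr/lsattr), the log path is passed as an argument, and the script runs as root when the chattr/chown steps are wanted (without root it only rotates and truncates). The function names rotate_log, supports_append_only and file_mode are made up for this example.

```shell
#!/bin/sh
# Added example, not the poster's script: rotate an append-only log without
# changing its mode or owner, and fail closed if interrupted mid-rotation.
# Assumes GNU coreutils and e2fsprogs (chattr/lsattr); path given as $1.

# Print the ls(1) mode string of a file, e.g. "-rw-r-----"; used to verify
# that rotation left the log's permissions untouched.
file_mode() {
    ls -l "$1" | cut -c1-10
}

# Return 0 if the filesystem holding $1 honours 'chattr +a'. chattr's exit
# status is not a reliable signal, so set the flag on a probe file and read
# it back with lsattr (the lowercase 'a' in the flag column).
supports_append_only() {
    probe="$1.chattr-probe.$$"
    : > "$probe" || return 1
    chattr +a "$probe" 2>/dev/null
    if lsattr -d "$probe" 2>/dev/null | cut -d' ' -f1 | grep -q a; then
        rc=0
    else
        rc=1
    fi
    chattr -a "$probe" 2>/dev/null    # an append-only probe cannot be unlinked
    rm -f "$probe"
    return $rc
}

# Rotate $1 into $1.1.gz (mode 0400 via umask) and truncate $1 in place so its
# owner and mode survive. When +a is supported: make the file root-owned while
# -a is off (so syslog cannot touch it), and install a trap so a crash or
# signal during the window still restores +a and the original owner.
rotate_log() {
    log="$1"
    [ -f "$log" ] || return 1
    # Subshell keeps the umask change from leaking into the rest of the script.
    ( umask 277; gzip -c "$log" > "$log.1.gz" ) || return 1

    if supports_append_only "$log"; then
        orig_owner=$(stat -c %u "$log")
        trap 'chattr +a "$log"; chown "$orig_owner" "$log"' EXIT HUP INT TERM
        chown root "$log"
        chattr -a "$log"
        : > "$log"
        chattr +a "$log"
        chown "$orig_owner" "$log"
        trap - EXIT HUP INT TERM
    else
        # No append-only support (or not root): plain in-place truncate.
        : > "$log"
    fi
    return 0
}

# Stand-alone use: ./rotate.sh /var/log/kern.log
if [ $# -eq 1 ]; then
    rotate_log "$1"
fi
```

The trap is the piece the posted script lacks: if the script is killed after `chattr -a` the log is left root-owned and not append-only, which the post notes; with the trap the shell restores both on the way out, so the window fails closed rather than open. Note that `chattr +a` and `chown root` both need root, which is why the probe is done before committing to that branch.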



More information about the hlfs-dev mailing list