sysklogd priv separation

Heiko Zuerker heiko at zuerker.org
Sun Jan 23 13:08:38 PST 2005


Robert Connolly wrote:

>On January 23, 2005 02:30 pm, Heiko Zuerker wrote:
>
>>Archaic wrote:
>>
>>>On Sun, Jan 23, 2005 at 11:37:49AM -0600, Heiko Zuerker wrote:
>>>
>>>>Of course logrotate must then run as root and take care of the special
>>>>attributes.
>>>
>>>Which is why it probably shouldn't be chattr'd. Also, chattr doesn't
>>>work with all filesystems.
>
>chattr will run even if the filesystem doesn't support it. Whether it works or
>not is another story. The command can still be used by everyone.
>
>>I don't see a problem running logrotate as root, since it is only
>>executed 'on demand' by cron.
>
>I think a shell script would be more flexible than a logrotate program.
>
>If we use a shell script to rotate logs we can use something like:
>
>umask 277
>gzip -c kern.log > kern.log.1.gz
>chattr -a kern.log
>cat /dev/null > kern.log
>chattr +a kern.log
>exit
>
>This way the permissions and ownership of kern.log don't change. The archive 
>logs would be owned and read-only by root. This way syslog would only have 
>write permission to the files it needs, and not the whole dir. This is 
>vulnerable for the time between chattr though, the script might crash leaving 
>the file -a. I wonder if this is better:
>
>umask 277
>gzip -c kern.log > kern.log.1.gz
>ORIG_OWNER=$(ls -n kern.log | awk '{print $3}')
>chown root kern.log
>chattr -a kern.log
>cat /dev/null > kern.log
>chattr +a kern.log
>chown $ORIG_OWNER kern.log
>exit
>
>Or modify it for group permissions.
>
>This still leaves the klogd problem. If it's in a chroot it will need proc
>mounted in there too, so it's able to reload kernel data. We can't hardlink
>from one filesystem to another. We could chroot klogd to /proc and
>symlink /proc/proc to /proc/.
>
I didn't see this before, but you're thinking about chrooting syslog?
Correct me if I'm wrong, but if you want to run other daemons/programs
in a chroot environment, your syslog can't be chrooted.
The reason for this is that you need to create the /dev/log sockets
within the chroots in order to have those daemons/programs log to syslog.
My syslog-ng.conf for example looks like this:

source src {
    unix-stream("/var/data/setiathome/dev/log");
    unix-stream("/var/spool/vscan/dev/log");
    unix-stream("/var/spool/postfix/dev/log");
    pipe("/proc/kmsg" log_prefix("kernel: "));
    unix-stream("/dev/log");
    internal();
};

>But, I'm starting to think its a lot easier just to use restart instead of
>reload for sysklogd. Then we don't have to mess with any of this and the logs
>would be owned only by root.
>


-- 

Regards
  Heiko Zuerker
  http://www.devil-linux.org
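Robert's second rotation script above still has the window he points out: if the shell dies between `chattr -a` and `chattr +a`, the log is left without its append-only flag and owned by root. The following is an added example, not code from this thread or from the HLFS project, that performs the same steps but restores the flag and the original owner from a trap on every exit path. It assumes Linux with GNU coreutils (`stat -c` replaces the `ls -n | awk` lookup), gzip, e2fsprogs `chattr`, a filesystem that honours the append-only attribute, and root privileges; the log path is a hypothetical argument.

```shell
#!/bin/sh
# Added example, not code from the thread: rotate an append-only log the way
# Robert's second script does, with the +a flag and ownership put back on any
# exit path. Assumes Linux, GNU coreutils (stat -c), gzip, e2fsprogs chattr,
# and that it runs as root.

# rotate_log LOGFILE
# The body is a subshell, so umask, traps and variables stay local to this
# call and "exit" only leaves the subshell, not the caller's shell.
rotate_log() (
    log=$1
    [ -f "$log" ] || exit 1

    umask 277                              # archive is created mode 0400

    # Remember who owns the live log, as numeric ids (like ls -n in the thread).
    orig_uid=$(stat -c %u "$log") || exit 1
    orig_gid=$(stat -c %g "$log") || exit 1

    # Archive first: the live log is not touched until the copy exists.
    gzip -c "$log" > "$log.1.gz" || exit 1

    # From here on any exit (error, HUP/INT/TERM, or the normal return) puts
    # the append-only flag and the original owner back, so a crash no longer
    # leaves the file -a.
    trap 'chattr +a "$log"; chown "$orig_uid:$orig_gid" "$log"' EXIT HUP INT TERM

    chown root "$log"
    chattr -a "$log"
    : > "$log" || exit 1                   # truncate; same as cat /dev/null >
    chattr +a "$log"
    chown "$orig_uid:$orig_gid" "$log"

    trap - EXIT HUP INT TERM               # finished cleanly; no second restore
    exit 0
)

# Stand-alone use: sh rotate.sh /var/log/kern.log (hypothetical path).
if [ "$#" -eq 1 ]; then
    rotate_log "$1"
fi
```

A trap covers errors and catchable signals only; a SIGKILL or a power loss in the window still leaves the flag off, so a rotation job should start by checking `lsattr` and re-applying `+a` before it trusts the file. The archive comes out root-owned and mode 0400 because of `umask 277`, exactly as in the thread.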