/etc/rsyslog.conf permissions incorrect/missing for creation of dynamic files
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
rsyslog (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: rsyslog
When using templates to create dynamic directories and files with rsyslog, rsyslog can create the directories, but does not have the appropriate permissions to create files within them.
By default, directories created by rsyslog are owned by root:root, which generates an error in /var/log/syslog as follows:
Furthermore, after adding $DirOwner and $DirGroup to match those of $FileOwner and $FileGroup, the setting '$PrivDropToGroup syslog' further prevents rsyslog from creating dynamic files. Setting '$PrivDropToGroup adm' resolves this issue.
Attached is a patch that corrects these issues.
Rich
Related branches
- Martin Pitt: Approve
- Diff: 1533 lines (+1468/-0), 7 files modified
.pc/10-initgroups.patch/runtime/rsconf.c (+1386/-0)
.pc/applied-patches (+1/-0)
debian/changelog (+12/-0)
debian/patches/10-initgroups.patch (+44/-0)
debian/patches/series (+1/-0)
debian/rsyslog.postinst (+6/-0)
runtime/rsconf.c (+18/-0)
Just found this and it's covering similar ground to bug #407862. From my experience in that bug:
I agree that $DirOwner and $DirGroup should be configured.
I agree that $DirGroup, $FileGroup and $PrivDropToGroup have to be the same for rsyslog to create dynamic files properly.
However I don't believe $PrivDropToGroup _should_ have to be the same as the others.
I'm also uncomfortable running rsyslog as adm as this gives access to facilities which are irrelevant and, conversely, I don't like the idea of putting a user in group adm (so they can see logs amongst other things) into group syslog, although that's what I am doing at the moment.
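
A lint for the condition this thread reports, added here as an illustration (not code from the bug report, the attached patch or rsyslog): it reads the legacy directives named above and flags dynamic-file setups where directory ownership is left unset or where $DirGroup, $FileGroup and $PrivDropToGroup differ. The sample configs, the template path and the function names are constructed for the example.

```python
import re

# Legacy directives named in the thread; matched regardless of case.
WATCHED = ("FileOwner", "FileGroup", "DirOwner", "DirGroup",
           "PrivDropToUser", "PrivDropToGroup")
DIRECTIVE = re.compile(r"^\s*\$(\w+)\s+(\S+)")

def parse(conf):
    """Return the last value set for each watched directive (None if unset)."""
    canon = {name.lower(): name for name in WATCHED}
    seen = dict.fromkeys(WATCHED)
    for line in conf.splitlines():
        m = DIRECTIVE.match(line.split("#", 1)[0])  # ignore trailing comments
        if m and m.group(1).lower() in canon:
            seen[canon[m.group(1).lower()]] = m.group(2)
    return seen

def audit(conf):
    """Return finding codes for the failure conditions reported in the thread."""
    s, findings = parse(conf), []
    if not (s["PrivDropToUser"] or s["PrivDropToGroup"]):
        return findings  # no privilege drop: the reported failure does not apply
    if s["DirOwner"] is None or s["DirGroup"] is None:
        # Report: directories are then created root:root and files cannot
        # be created inside them.
        findings.append("dir-ownership-unset")
    groups = {s["DirGroup"] or "root", s["FileGroup"], s["PrivDropToGroup"]}
    if len(groups) != 1:
        # Comment in the thread: all three groups had to be the same.
        findings.append("group-mismatch")
    return findings

# Constructed samples; the template name and path are hypothetical.
HEAD = "$FileOwner syslog\n$FileGroup adm\n$PrivDropToUser syslog\n"
ACTION = ('$template DynFile,"/var/log/hosts/%HOSTNAME%/%PROGRAMNAME%.log"\n'
          "*.* ?DynFile\n")
AS_REPORTED = HEAD + "$PrivDropToGroup syslog\n" + ACTION
DIRS_ADDED = HEAD + "$PrivDropToGroup syslog\n$DirOwner syslog\n$DirGroup adm\n" + ACTION
WORKAROUND = HEAD + "$PrivDropToGroup adm\n$DirOwner syslog\n$DirGroup adm\n" + ACTION

if __name__ == "__main__":
    for name in ("AS_REPORTED", "DIRS_ADDED", "WORKAROUND"):
        print(name, audit(globals()[name]) or "ok")
```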