> Why do you create these files as root-owned in the first place? Why not
> create them with the right user? That is my primary point.
I agree. The logrotate.d file that rsyslog uses in Debian/Ubuntu should use the 'create' directive which says which user/group to create files as.
> Michael Biebl, the Debian Maintainer, suggested using capabilities to reduce
> this need. I will look into this, but other than that I agree.
I looked into this a bit. You'd need to use the CAP_SYS_ADMIN capability, which is sort of a catch-all. It allows the program to do many, many root-y things [1]. Honestly, I'd prefer to have a root dd process (which is contained and pretty safe) feeding an unprivileged rsyslog than have an rsyslog with CAP_SYS_ADMIN.
[1] http://www.lids.org/lids-howto/node57.html