Your message dated Thu, 06 Oct 2011 17:04:39 +0200
with message-id <[email protected]>
and subject line group() & owner() != --group && --user
has caused the Debian Bug report #526616,
regarding syslog-ng: option owner and group parsed correctly in
/etc/syslog-ng/syslog-ng.conf but not launched correctly
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
526616: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526616
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: syslog-ng
Version: 2.0.9-4.1
Severity: grave
In order to launch syslog-ng in non root pid user, there is 2 possibilities:
First, option ---user=<user> and ---group=<group> on command line. This option
are ok but on Debian Lenny, it is not possible to use it due to the fact that
/etc/default/syslog-ng has no variable in order to support this feature.
(note 1)
Second, in configuration file, option owner and group
If setting this feature, it seems that parameters are parsed correctly, but
the process is not launched with this id.
Test 1:
-------
sudo /usr/sbin/syslog-ng --user u_syslog --group=grp_syslog
-> ps auxww |grep syslog-ng
u_syslog 22797 0.0 0.1 3048 1036 ? Ss 11:06 0:00 /usr/sbin/syslog-ng
--user u_syslog --group=grp_syslog
Behavior is correct except that not supported in standard configuration (look
at note 1)
Test 2:
-------
-> grep _syslog /etc/syslog-ng/syslog-ng.conf
dir_owner (u_syslog);
dir_group (grp_syslog);
owner (u_syslog);
group (grp_syslog);
-> sudo /etc/init.d/syslog-ng restart
Stopping system logging: syslog-ng.
Starting system logging: syslog-ng.
-> ps auxww |grep syslog-ng
root 23645 0.0 0.0 2904 720 ? Ss 11:10 0:00
/usr/sbin/syslog-ng -p /var/run/syslog-ng.pid
lacroix 23660 0.0 0.1 3404 776 pts/2 S+ 11:10 0:00 grep syslog-ng
as you can see, pid is launched with root access
--
--------------------------------------
-- Jean-Marc LACROIX --
-- mailto : [email protected] --
---------------------------------------
--- End Message ---
--- Begin Message ---
The group() and owner() global options in syslog-ng.conf set the group
and owner files should be created as. They're not for setting the
user/group to run as.
The only way to control what user syslog-ng runs as, is via the
command-line, and setting that has been possible at least since squeeze,
via the SYSLOGNG_OPTS variable in /etc/default/syslog-ng.
Therefore, since running as a different user has been possible (albeit,
it also required a change in other parts of the configuration too) since
squeeze, I'm closing this bug.
--
|8]
--- End Message ---
