I am back at this issue and thought about changing the default down to v2-stable. However, it "feels" bad from a security perspective. I know that the current default does not work well, but it is extremely restrictive. So if I now change it to a "useful" default, I may expose some information on old systems that is not yet exposed. One could argue this is a security hole. I am very hesitant to do this, so I thought I'd ask for feedback once again.

The alternative way would be that only v4 (if running in v4-mode!) will have the new (correct) default, while all others have the old, wrong and thus extremely restrictive default. Quite honestly, it "feels" like this is the right route to take, even though "the other way around" sounds more natural. Has anyone an opinion on that? And I'll probably go for the v4-only change if nobody convinces me that there is no security risk...

Thanks,
Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Rainer Gerhards
> Sent: Friday, March 06, 2009 4:40 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] wrong permissons on directories
>
> The more I think about it, the more it smells like a real bug. Has
> anyone objections changing the default?
>
> Rainer
>
> > -----Original Message-----
> > From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Michael Biebl
> > Sent: Friday, March 06, 2009 3:54 PM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] wrong permissons on directories
> >
> > FWIW, the Debian default rsyslog.conf ships with
> >
> > $DirCreateMode 0755
> >
> >
> > 2009/3/6 Rainer Gerhards <[email protected]>:
> > > Thomas,
> > >
> > > do I correctly understand that you propose the default be changed?
> > >
> > > If so, I am hesitant to do that - wouldn't that potentially break
> > > existing deployments? On the other hand... how could that work...
> > > Umm...
> > >
> > > Rainer
> > >
> > >> -----Original Message-----
> > >> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Thomas Mieslinger
> > >> Sent: Friday, March 06, 2009 3:14 PM
> > >> To: rsyslog-users
> > >> Subject: Re: [rsyslog] wrong permissons on directories
> > >>
> > >> Thanks for the pointer to the documentation.. it is $DirCreateMode
> > >> what I asked for...
> > >>
> > >> and now I ask for a change of the default
> > >> documentation says:
> > >> Default: 0644
> > >>
> > >> Reality demands 0755. I changed it in my configuration. I'd be
> > >> happy to see that changed in rsyslog.
> > >>
> > >> Thomas
> > >>
> > >>
> > >>
> > >> Rainer Gerhards wrote:
> > >> > Hi Thomas,
> > >> >
> > >> > can it be that your default umask gets into your way? In any
> > >> > case, you can set the permissions explicitly with
> > >> >
> > >> > $FileCreateMode
> > >> > $FileGroup
> > >> > $FileOwner
> > >> >
> > >> > And set the umask with
> > >> >
> > >> > $umask
> > >> >
> > >> > (see http://www.rsyslog.com/doc-rsyslog_conf_global.html)
> > >> >
> > >> > Does this help?
> > >> >
> > >> > Rainer
> > >> >
> > >> >> -----Original Message-----
> > >> >> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Thomas Mieslinger
> > >> >> Sent: Friday, March 06, 2009 10:18 AM
> > >> >> To: rsyslog-users
> > >> >> Subject: [rsyslog] wrong permissons on directories
> > >> >>
> > >> >> Hi *,
> > >> >>
> > >> >> when creating directories through dynamic templates, the
> > >> >> directory permissions are incomplete:
> > >> >>
> > >> >> rsyslog.conf:
> > >> >> $template ZeusMwAllLogFileService,"/data/log/zeusmw/%$YEAR%-%$MONTH%/all-%$YEAR%-%$MONTH%-%$DAY%.log"
> > >> >>
> > >> >> resulting directories:
> > >> >> ls -al /data/log
> > >> >> drw-r--r-- 3 root root 4096 Mar 5 15:53 zeusmw/
> > >> >>
> > >> >> ls -al /data/log/zeusmw
> > >> >> drw-r--r-- 2 root root 4096 Mar 6 10:11 2009-03/
> > >> >>
> > >> >> # rsyslogd -version
> > >> >> rsyslogd 3.21.3, compiled with:
> > >> >> FEATURE_REGEXP: Yes
> > >> >> FEATURE_LARGEFILE: Yes
> > >> >> FEATURE_NETZIP (message compression): Yes
> > >> >> GSSAPI Kerberos 5 support: Yes
> > >> >> FEATURE_DEBUG (debug build, slow code): No
> > >> >> Runtime Instrumentation (slow code): No
> > >> >>
> > >> >> (it's the rsyslog-3.21.3-4 fedora 10 package compiled on rhel5)
> > >> >>
> > >> >> I'd be happy to know if that's a bug.
> > >> >>
> > >> >> Thanks
> > >> >> Thomas
> > >>
> > >> --
> > >> Thomas Mieslinger
> > >> IT Infrastructure Systems
> > >> Phone: +49-721-91374-4404
> > >> E-Mail: [email protected]
> > >>
> > >> 1&1 Internet AG
> > >> Brauerstraße 48
> > >> 76135 Karlsruhe
> > >>
> > >> Amtsgericht Montabaur HRB 6484
> > >> Management board: Henning Ahlert, Ralph Dommermuth, Matthias Ehrlich,
> > >> Thomas Gottschlich, Robert Hoffmann, Markus Huhn, Henning Kettler,
> > >> Oliver Mauss, Jan Oetjen
> > >> Chairman of the supervisory board: Michael Scheeren
> >
> > --
> > Why is it that all of the instruments seeking intelligent life in the
> > universe are pointed away from Earth?

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
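
The trade-off discussed in this thread, as an added example that is not part of the original messages or of rsyslog: it decodes what a directory mode such as the documented default 0644 or the requested 0755 grants to each permission class, and audits a log tree for both conditions. The function names and the constructed sample tree (including the 0750 mode, which the thread does not mention) are assumptions made for illustration.

```python
import os
import stat
import tempfile

CLASSES = (("owner", stat.S_IRUSR, stat.S_IXUSR),
           ("group", stat.S_IRGRP, stat.S_IXGRP),
           ("other", stat.S_IROTH, stat.S_IXOTH))

def dir_access(mode):
    """Per class: may it list names (r bit) and enter/reach entries (x bit)?"""
    return {who: {"list": bool(mode & r), "traverse": bool(mode & x)}
            for who, r, x in CLASSES}

def classify(mode):
    """Label a directory mode in the terms used in the thread."""
    acc = dir_access(mode)
    labels = []
    # 0644 on a directory (drw-r--r--): a class can list names but cannot
    # open anything below. root bypasses the check, so the daemon keeps
    # writing while ordinary users are locked out.
    if any(a["list"] and not a["traverse"] for a in acc.values()):
        labels.append("read-without-search")
    # 0755: every local user can enter; log files below are then protected
    # only by their own mode (for rsyslog, $FileCreateMode).
    if acc["other"]["traverse"]:
        labels.append("world-traversable")
    return labels

def audit(root):
    """Walk a log tree and report directories that carry either label."""
    findings = {}
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink's own mode says nothing about its target
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            labels = classify(mode)
            if labels:
                findings[os.path.relpath(path, root)] = (oct(mode), labels)
    return findings

def demo():
    """Constructed sample tree: one directory per mode, then audit it."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("d0644", 0o644), ("d0755", 0o755), ("d0750", 0o750)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod is not subject to the umask
        return audit(root)
```

Running `audit()` against an existing log root before changing `$DirCreateMode` shows which directories are affected by each condition.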

