> Why do you create these files as root-owned in the first place? Why not > create them with the right user? That is my primary point.
I agree. The logrotate.d file that rsyslog uses in Debian/Ubuntu should use the 'create' directive which says which user/group to create files as. > Michael Biebl, the Debian Maintainer, suggested using capabilities to reduce > this need. I will look into this, but other than that I agree. I looked into this a bit. You'd need to use the CAP_SYS_ADMIN capability. Which is sort of a catch-all. It allows the program to do many, many root-y things [1]. Honestly, I'd prefer to have a root dd process (which is contained and pretty safe) feeding an unprivileged rsyslog than have an rsyslog with CAP_SYS_ADMIN. [1] http://www.lids.org/lids-howto/node57.html -- [karmic] Messages not being sent to system logs https://bugs.launchpad.net/bugs/407862 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
