* socklog: unix socket permissions
@ 2004-06-19 20:16 Alex Efros
2004-06-19 20:26 ` Brian Reichert
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Alex Efros @ 2004-06-19 20:16 UTC (permalink / raw)
Hi!
I want to execute socklog as a usual user. I've created unix socket ~/log and
set permissions to 770. But socklog changes these permissions to 777 every
time it (re)starts. Is this a bug? Or how can I disable this cool feature? :-)
--
WBR, Alex.
* Re: socklog: unix socket permissions
From: Brian Reichert @ 2004-06-19 20:26 UTC (permalink / raw)
On Sat, Jun 19, 2004 at 11:16:40PM +0300, Alex Efros wrote:
> Hi!
>
> I want to execute socklog as a usual user. I've created unix socket ~/log and
> set permissions to 770. But socklog changes these permissions to 777 every
> time it (re)starts. Is this a bug? Or how can I disable this cool feature? :-)
What was the umask of the socklog process?
>
> --
> WBR, Alex.
--
Brian Reichert <reichert@numachi.com>
37 Crystal Ave. #303 Daytime number: (603) 434-6842
Derry NH 03038-1713 USA BSD admin/developer at large
* Re: socklog: unix socket permissions
From: Alex Efros @ 2004-06-19 21:51 UTC (permalink / raw)
Hi!
On Sat, Jun 19, 2004 at 04:26:24PM -0400, Brian Reichert wrote:
> > I want to execute socklog as a usual user. I've created unix socket ~/log and
> > set permissions to 770. But socklog changes these permissions to 777 every
> > time it (re)starts. Is this a bug? Or how can I disable this cool feature? :-)
> What was the umask of the socklog process?
0022
--
WBR, Alex.
* Re: socklog: unix socket permissions
From: George Georgalis @ 2004-06-19 23:32 UTC (permalink / raw)
On Sat, Jun 19, 2004 at 11:16:40PM +0300, Alex Efros wrote:
>
>I want to execute socklog as a usual user. I've created unix socket ~/log and
>set permissions to 770. But socklog changes these permissions to 777 every
>time it (re)starts. Is this a bug? Or how can I disable this cool feature? :-)
>
This has stumped a few people... the answer is the 2.6 kernels don't
let you read /proc/kmsg except as root; you can't even read a pipe of it
as another user. Here's my example; it's based on Gerrit Pape's test
of different kernel versions:
run:~ # echo "content" >/tmp/testfile
run:~ # chmod 400 /tmp/testfile
run:~ # (su -c cat nobody) </tmp/testfile
content
run:~ # (su -c cat nobody) </proc/kmsg
cat: -: Operation not permitted
run:~ # ls -l /tmp/testfile /proc/kmsg
-r-------- 1 root root 0 Dec 8 18:44 /proc/kmsg
-r-------- 1 root root 8 Dec 8 18:42 /tmp/testfile
run:~ # su - nobody
nobody@run:~$ cat /tmp/testfile
cat: /tmp/testfile: Permission denied
(note the different type of error messages)
On Fri, Jan 23, 2004 at 01:53:55PM +0000, Gerrit Pape wrote:
>
>Unfortunately the implementation of the proc filesystem in the 2.6.x
>linux kernels makes open() a noop, and checks permissions in read(). So
>the newer linux kernels force the application reading from /proc/kmsg to
>run under root privileges.
>
>See linux-2.6.1/fs/proc/kmsg.c and linux-2.6.1/kernel/printk.c, function
>do_syslog().
He also said
From: Gerrit Pape <pape <at> smarden.org>
Subject: Re: Error running socklog Klog service
Newsgroups: gmane.comp.misc.pape.general
Date: Wed, 07 Apr 2004 12:30:10 +0000
On Tue, Apr 06, 2004 at 09:28:19PM -0400, George Georgalis wrote:
> >See linux-2.6.1/fs/proc/kmsg.c and linux-2.6.1/kernel/printk.c,
> >function do_syslog().
> Is there any doc on the implementation? I (still, 2.6.5) don't see
> mention in Documentation/
I'm afraid, no, I'm not aware of any documentation other than the
source code.
> Is it of any value?
The simplicity in implementation might be of value for the kernel
developers.
You can see most of the discussion I dug up in the attached gz mbox.
// George
--
George Georgalis, Architect and administrator, Linux services. IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org
Key fingerprint = 5415 2738 61CF 6AE1 E9A7 9EF0 0186 503B 9831 1631
[-- Attachment #2: kmsg-problem.gz --]
[-- Type: application/octet-stream, Size: 4665 bytes --]
* Re: socklog: unix socket permissions
From: George Georgalis @ 2004-06-19 23:41 UTC (permalink / raw)
On Sat, Jun 19, 2004 at 11:16:40PM +0300, Alex Efros wrote:
>
>I want to execute socklog as a usual user. I've created unix socket ~/log and
>set permissions to 770. But socklog changes these permissions to 777 every
>time it (re)starts. Is this a bug? Or how can I disable this cool feature? :-)
>
I don't think I read your message closely... :) but if you can get
socklog-klog/log/run to work as non root, I'll be very impressed!
// George
--
George Georgalis, Architect and administrator, Linux services. IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george@galis.org
Key fingerprint = 5415 2738 61CF 6AE1 E9A7 9EF0 0186 503B 9831 1631
* Re: socklog: unix socket permissions
From: Alex Efros @ 2004-06-20 0:04 UTC (permalink / raw)
Cc: supervision
Hi!
On Sat, Jun 19, 2004 at 07:41:17PM -0400, George Georgalis wrote:
> >I want to execute socklog as a usual user. I've created unix socket ~/log and
> >set permissions to 770. But socklog changes these permissions to 777 every
> >time it (re)starts. Is this a bug? Or how can I disable this cool feature? :-)
> I don't think I read your message closely... :) but if you can get
> socklog-klog/log/run to work as non root, I'll be very impressed!
No, I don't run "klog" as non root, I run "syslog" as non root using ~/log
instead of /dev/log.
--
WBR, Alex.
* Re: socklog: unix socket permissions
From: Gerrit Pape @ 2004-06-20 9:34 UTC (permalink / raw)
On Sat, Jun 19, 2004 at 11:16:40PM +0300, Alex Efros wrote:
> I want to execute socklog as a usual user. I've created unix socket ~/log and
> set permissions to 770. But socklog changes these permissions to 777 every
> time it (re)starts. Is this a bug? Or how can I disable this cool feature? :-)
Yes, the socklog program does unlink("~/log"), umask(0), and then
re-creates the file through bind(), permissions change to 777.
I agree that this default behavior is not always the desired one; making
it configurable somehow shouldn't be that difficult.
Regards, Gerrit.
BTW, you're on the wrong list.
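
Added example, not part of the original thread and not socklog's source: a C sketch of the sequence Gerrit describes above (unlink, umask, bind), showing that the re-created socket file gets mode 0777 masked by the umask in effect at bind(), so a chmod done beforehand is lost with the unlink. The helper names and the /tmp path are assumptions made for this illustration; the behaviour shown is that of Linux.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper: unlink(path), umask(mask), bind(); returns the
 * permission bits of the newly created socket file, or -1 on error. */
static int bind_mode(const char *path, mode_t mask)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    struct stat st;
    mode_t old;
    int fd, rc;

    if (strlen(path) >= sizeof(sa.sun_path)) return -1;
    strcpy(sa.sun_path, path);
    fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd == -1) return -1;
    unlink(path);              /* any pre-created socket, and its mode, is gone */
    old = umask(mask);         /* umask(0) here yields 0777; 007 yields 0770 */
    rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    umask(old);                /* restore the caller's umask */
    if (rc == 0) rc = stat(path, &st);
    close(fd);
    unlink(path);              /* clean up the example socket */
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Runs the helper inside a fresh private directory (constructed path). */
int socket_mode_with_umask(mode_t mask)
{
    char dir[] = "/tmp/sockperm.XXXXXX";
    char path[64];
    int mode;

    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof(path), "%s/log", dir);
    mode = bind_mode(path, mask);
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("umask 000 -> %04o\n", socket_mode_with_umask(0));
    printf("umask 007 -> %04o\n", socket_mode_with_umask(007));
    return 0;
}
```

Independently of the socket's own mode, placing it in a directory that only the intended user or group can traverse restricts who can connect to it.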