From: Gerrit Pape
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: svlogd and umask settings
Date: Fri, 15 Sep 2006 14:47:44 +0000
Message-ID: <20060915144744.18045.qmail@3430f19bcf16f5.315fe32.mid.smarden.org>
References: <20060830220325.GK25489@annvix.org> <20060901174940.GY25489@annvix.org>

On Fri, Sep 01, 2006 at 11:49:40AM -0600, Vincent Danen wrote:
> * Vincent Danen [2006-08-30 16:03:25 -0600]:
> > I have an issue with svlogd where I need it to write files with 0640
> > perms, but it wants to write with 0644 perms. I tried to toss a umask
> > call in my runscript:
> >
> > This doesn't seem to make a difference to svlogd. Looking in the
> > manpage, I didn't see anything about changing the permissions of files
> > it creates. But even with the above I get:
> >
> > [root@ares apparmor.d]# ls -l /var/log/system/audit/
> > total 0
> > -rw-r--r-- 1 root root 0 Aug 30 16:17 current
> > -rw------- 1 root root 0 Aug 30 16:17 lock
> >
> > What am I missing or do I have to change something in svlogd itself?
> > Since Annvix is now using socklog by default, I need to make sure logs
> > are 0640. The directory permissions are correct, but the log file
> > permissions are not.
>
> Ok, I see the problem. I see all the fchmod() calls in svlogd.c that
> are writing files as mode 0744 or 0644. What would be nice to see is if
> svlogd could be configured to accept as a config option perms for files
> or if it respected umask settings. As it stands right now, I'm going to
> have to patch svlogd.c to make it write files mode 0740 or 0640.

Yes, this is compiled in.

> In conjunction with stuff like socklog, this is pretty important. You
> never see stuff like /var/log/messages or /var/log/auth.log with such
> insecure permissions so it would be good if something that socklog
> depended on could likewise write more secure log files.

Isn't it enough to set restrictive permissions on the directory? svlogd
won't touch these settings.

Regards, Gerrit.
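
Added example (not part of the original message, and not svlogd's code): a small C program showing the mechanics discussed in this thread. A umask only filters the mode passed to open(), an explicit fchmod() afterwards sets the bits regardless of it, and a directory without o+x keeps other users out whatever the file modes are. The scratch directory name and the function names are made up for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create path under umask 027, requesting 0644. With do_fchmod set, also call
 * fchmod(fd, 0644), the pattern the thread attributes to svlogd.c.
 * Returns the file's final permission bits, or -1 on error. */
static int mode_after_create(const char *path, int do_fchmod) {
    struct stat st;
    int rc = -1;
    mode_t old = umask(027);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    umask(old);
    if (fd < 0)
        return -1;
    if ((!do_fchmod || fchmod(fd, 0644) == 0) && fstat(fd, &st) == 0)
        rc = (int)(st.st_mode & 0777);
    close(fd);
    unlink(path);
    return rc;
}

/* 1 if "other" users cannot enter dir (no o+x), 0 if they can, -1 on error. */
static int dir_blocks_others(const char *dir) {
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    return (st.st_mode & S_IXOTH) ? 0 : 1;
}

/* Constructed scenario: a scratch log directory set to 0750. */
static int demo(int *with_umask, int *with_fchmod, int *blocked) {
    char dir[] = "/tmp/svlogd-demo-XXXXXX"; /* hypothetical name */
    char path[64];
    if (!mkdtemp(dir) || chmod(dir, 0750) != 0)
        return -1;
    snprintf(path, sizeof path, "%s/current", dir);
    *with_umask = mode_after_create(path, 0);   /* umask applies at open() */
    *with_fchmod = mode_after_create(path, 1);  /* fchmod() ignores umask */
    *blocked = dir_blocks_others(dir);
    return rmdir(dir);
}

int main(void) {
    int a, b, c;
    if (demo(&a, &b, &c) != 0)
        return 1;
    printf("umask only: %04o  after fchmod: %04o  dir blocks others: %d\n",
           (unsigned)a, (unsigned)b, c);
    return 0;
}
```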