On Tue, 18 Nov 2008, Don Jackson wrote: > I had the following questions: > > Would it be possible (optionally) to have rsyslogd chroot to a > particular directory on startup? > That seems the safest. One could configure a disk partition for log > messages, configure rsyslogd to log there,
chroot doesn't help. if you have rsyslog set to log to a seperate partition it can only fill that partition, but it can fill _all of that partition even if you chroot into a subdirectory on that partition. > and also chroot to a directory on that partition, so if the rsyslogd > process itself is compromised, > it can't do other damage. that gives you protection if you are receiving logs from the network, but if you are receiving logs from /dev/log (local logs) you can't go into a chroot effectivly > There must be a way to have a daemon run as a non-root user, and also > to open ports < 1024. > This seems to be done all the time on *bsd machines: the POSIX standard still calls for ports < 1024 to require root to bind to them, different systems have different ways to be non-compliant with the standard and let you do so anyway. what OS are you using? David Lang > # ps -aux > USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME > COMMAND > root 1 0.0 0.0 428 356 ?? Is Thu02PM 0:00.01 / > sbin/init > _dhcp 22078 0.0 0.0 396 432 ?? Is Thu03PM 0:00.01 > dhclient: bge0 (dhclient) > _syslogd 27943 0.0 0.0 452 812 ?? S Thu03PM 0:00.19 > syslogd -a /var/empty/dev/log > > I'm not sure how this is done, but it looks like chroot also supports > changing the userid... > > Just some thoughts, > > Best regards, > > Don > > > > > > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
