permissions on /var/log/messages

2009-03-01 Thread Hamish Moffatt
I'd like /var/log/messages to be readable by non-root users. syslogd.c
uses device_open to open the file though and it has the permissions
hardcoded to 0600.

I can't really see why it uses device_open... nor a good solution.


Hamish
-- 
Hamish Moffatt VK3SB  
___
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox


Re: permissions on /var/log/messages

2009-03-02 Thread Denys Vlasenko
On Monday 02 March 2009 07:03:53 am Hamish Moffatt wrote:
> I'd like /var/log/messages to be readable by non-root users. syslogd.c
> uses device_open to open the file though and it has the permissions
> hardcoded to 0600.
> 
> I can't really see why it uses device_open... nor a good solution.

I propose this patch.
--
vda
diff -d -urpN busybox.1/sysklogd/syslogd.c busybox.2/sysklogd/syslogd.c
--- busybox.1/sysklogd/syslogd.c	2009-03-01 03:26:17.0 +0100
+++ busybox.2/sysklogd/syslogd.c	2009-03-02 14:56:50.0 +0100
@@ -306,17 +306,23 @@ static void log_locally(time_t now, char
 	}
 #endif
 	if (G.logFD >= 0) {
+		/* Reopen log file every second. This allows admin
+		 * to delete the file and not worry about restarting us.
+		 * This costs almost nothing since it happens
+		 * _at most_ once a second.
+		 */
 		if (!now)
 			now = time(NULL);
 		if (G.last_log_time != now) {
-			G.last_log_time = now; /* reopen log file every second */
+			G.last_log_time = now;
 			close(G.logFD);
 			goto reopen;
 		}
 	} else {
  reopen:
-		G.logFD = device_open(G.logFilePath, O_WRONLY | O_CREAT
-	| O_NOCTTY | O_APPEND | O_NONBLOCK);
+		G.logFD = open(G.logFilePath, O_WRONLY | O_CREAT
+	| O_NOCTTY | O_APPEND | O_NONBLOCK,
+	0666);
 		if (G.logFD < 0) {
 			/* cannot open logfile? - print to /dev/console then */
 			int fd = device_open(DEV_CONSOLE, O_WRONLY | O_NOCTTY | O_NONBLOCK);
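Review bot: the mode argument 0666 in the new open() call under reopen: leaves the log's final permissions entirely to the umask syslogd inherits, so a daemon started with umask 0 creates a world-writable log file. The request was only for read access by non-root users, so pass a narrower mode such as 0644 or 0640, or make the mode configurable, and document the umask dependency. The mode is applied only when O_CREAT actually creates the file, so an existing 0600 log keeps its permissions until it is deleted and recreated; the new comment about reopening every second is a good place to say so.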

Re: permissions on /var/log/messages

2009-03-02 Thread walter harms


Denys Vlasenko wrote:
> On Monday 02 March 2009 07:03:53 am Hamish Moffatt wrote:
>> I'd like /var/log/messages to be readable by non-root users. syslogd.c
>> uses device_open to open the file though and it has the permissions
>> hardcoded to 0600.
>>
>> I can't really see why it uses device_open... nor a good solution.
> 
> I propose this patch.
> --

Would it be sufficient to use 0644 instead of 0666?

Just my 2 cents,

re,
 wh


Re: permissions on /var/log/messages

2009-03-02 Thread Cristian Ionescu-Idbohrn
On Mon, 2 Mar 2009, Denys Vlasenko wrote:

> On Monday 02 March 2009 07:03:53 am Hamish Moffatt wrote:
> > I'd like /var/log/messages to be readable by non-root users. syslogd.c
> > uses device_open to open the file though and it has the permissions
> > hardcoded to 0600.
> >
> > I can't really see why it uses device_open... nor a good solution.
>
> I propose this patch.

I don't really like that patch :(
0666 file permissions is way out.
Debian has that at 0640, and that's how long I would go too.
Could be made configurable, though.


Cheers,

-- 
Cristian


Re: permissions on /var/log/messages

2009-03-02 Thread Hamish Moffatt
On Mon, Mar 02, 2009 at 03:25:19PM +0100, Denys Vlasenko wrote:
> On Monday 02 March 2009 07:03:53 am Hamish Moffatt wrote:
> > I'd like /var/log/messages to be readable by non-root users. syslogd.c
> > uses device_open to open the file though and it has the permissions
> > hardcoded to 0600.
> > 
> > I can't really see why it uses device_open... nor a good solution.
> 
> I propose this patch.

>   reopen:
> - G.logFD = device_open(G.logFilePath, O_WRONLY | O_CREAT
> - | O_NOCTTY | O_APPEND | O_NONBLOCK);
> + G.logFD = open(G.logFilePath, O_WRONLY | O_CREAT
> + | O_NOCTTY | O_APPEND | O_NONBLOCK,
> + 0666);

0666 is too generous I think - but it works ok. 0644 or 0664 would be
better.

thanks
Hamish
-- 
Hamish Moffatt VK3SB  


Re: permissions on /var/log/messages

2009-03-03 Thread Denys Vlasenko
On Tuesday 03 March 2009 02:14:47 am Hamish Moffatt wrote:
> On Mon, Mar 02, 2009 at 03:25:19PM +0100, Denys Vlasenko wrote:
> > On Monday 02 March 2009 07:03:53 am Hamish Moffatt wrote:
> > > I'd like /var/log/messages to be readable by non-root users. syslogd.c
> > > uses device_open to open the file though and it has the permissions
> > > hardcoded to 0600.
> > > 
> > > I can't really see why it uses device_open... nor a good solution.
> > 
> > I propose this patch.
> 
> >   reopen:
> > -   G.logFD = device_open(G.logFilePath, O_WRONLY | O_CREAT
> > -   | O_NOCTTY | O_APPEND | O_NONBLOCK);
> > +   G.logFD = open(G.logFilePath, O_WRONLY | O_CREAT
> > +   | O_NOCTTY | O_APPEND | O_NONBLOCK,
> > +   0666);
> 
> 0666 is too generous I think - but it works ok. 0644 or 0664 would be
> better.

You need to set umask as you see fit before you start sysklogd
(or any other file-creating process for that matter).
--
vda
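
Added example (not part of the original thread and not BusyBox code): a small C program that issues the same open() call as the patch under several umask values and reports the resulting file mode, including the case where the file already exists. The helper names open_log and log_mode and the /tmp path are made up for this demo.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Same open() call as the patch, issued under the given umask. */
static int open_log(const char *path, mode_t mask)
{
	mode_t old = umask(mask);
	int fd = open(path, O_WRONLY | O_CREAT | O_NOCTTY | O_APPEND | O_NONBLOCK, 0666);
	umask(old);
	return fd;
}

/* Permission bits of a log file created under create_mask and reopened
 * under reopen_mask, or -1 on error. Path is constructed for this demo. */
static int log_mode(mode_t create_mask, mode_t reopen_mask)
{
	char dir[64], path[96];
	struct stat st;
	int fd, result = -1;
	snprintf(dir, sizeof(dir), "/tmp/syslogd_demo_%ld", (long)getpid());
	if (mkdir(dir, 0700) != 0)      /* fails rather than reuse an existing path */
		return -1;
	snprintf(path, sizeof(path), "%s/messages", dir);
	fd = open_log(path, create_mask);         /* O_CREAT creates the file */
	if (fd >= 0) {
		close(fd);
		fd = open_log(path, reopen_mask); /* file exists: mode argument ignored */
	}
	if (fd >= 0) {
		if (fstat(fd, &st) == 0)
			result = st.st_mode & 0777;
		close(fd);
	}
	unlink(path);
	rmdir(dir);
	return result;
}

int main(void)
{
	mode_t m[] = { 0000, 0022, 0027, 0077 };
	for (int i = 0; i < 4; i++)
		printf("umask %04o -> mode %04o\n", (unsigned)m[i], (unsigned)log_mode(m[i], m[i]));
	printf("created 0077, reopened 0022 -> %04o\n", (unsigned)log_mode(0077, 0022));
	return 0;
}
```

A umask of 027 gives the 0640 mentioned earlier in the thread; changing the umask later does not alter a log file that already exists.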