[rsbac] granting syslog-ng the right to access /proc/rsbac-info/rmsg

Sven Seeland Sven.Seeland at gmx.de
Wed Jul 18 09:34:32 CEST 2007


> Your "start a seperate syslog under secoff credentials" is WRONG IDEA!
> In properly configured RSBAC no daemons must run with secoff privileges.
> You should use RC model and should create role for init and grant
> appropriate premissions to this role.

that's my thinking exactly. However, running syslog-ng under secoff credentials is the way it is officially documented on the RSBAC website (http://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/administration_examples/syslog-ng)

And if I just have syslog-ng (which has it's own RC role, by the way) access /proc/rsbac-info/rmsg I get errors from RC, AUTH *and* FF. Now, fixing the RC part is easy. But how do I fix AUTH and FF? I couldn't figure it out for the life of me.

Sven Seeland
Psssst! Schon vom neuen GMX MultiMessenger gehört?
Der kanns mit allen: http://www.gmx.net/de/go/multimessenger

More information about the rsbac mailing list