Date: Tue, 7 Mar 2006 14:08:43 -0500
From: Garance A Drosehn
To: Pawel Jakub Dawidek, John Baldwin
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/syslogd syslogd.8 syslogd.c

At 9:14 AM +0100 3/7/06, Pawel Jakub Dawidek wrote:
>On Mon, Mar 06, 2006 at 12:08:08PM -0500, John Baldwin wrote:
>+> Did you know about the -C option to newsyslog?  newsyslog is a
>+> better tool for creating the log files since its config file
>+> can specify permissions (owner, group, chmod).
>
>I agree, but I didn't remove this functionality from the
>newsyslog(8).  I wanted to have this simple functionality
>in syslogd(8) for a few small reasons:
>
>- I don't really buy that not creating log files is a security
>  feature.

Creating them with the wrong group, wrong chmod bits, or not
including 'nosave' on logfiles which are expected to be 'nosave'
might be a problem.

>- You don't always want newsyslog(8) (eg. on an embedded system).

You don't want to rotate logfiles on an embedded system?

>- It's more handy to add new log file and just restart syslogd
>  without any errors, instead of editing newsyslog.conf,
>  executing newsyslogd -C and then restarting syslogd.

To use this new syslogd feature, you're going to have to add
that '-C' flag somewhere.  And in /etc/defaults/rc.conf, we
already have:

    newsyslog_enable="YES"   # Run newsyslog at startup.
    newsyslog_flags="-CN"    # Newsyslog flags to create marked files

All you need to do is add a second '-C' to those newsyslog_flags,
and newsyslog will automatically create all log files which do
not exist.  And if you're adding a new logfile to /etc/syslog.conf,
then it seems to me very likely that you will also want to add a
line to newsyslog.conf to rotate that log file.

>It still would be handy to tell newsyslogd(8) to always
>correct owner and permission (which it doesn't do
>currently, AFAIK) - root:wheel 0600 should be safe default
>for a log file in the meantime.

I believe newsyslog will correct those the next time it rotates
the logfile.  I'm not sure it should add code to fix files that
are wrong only because some operation other than newsyslog created
the file, but I suspect it would be easy enough to add that if
people really think it is important.

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@FreeBSD.org
Rensselaer Polytechnic Institute;   Troy, NY;  USA
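
The thread turns on log files that exist with a different mode than newsyslog.conf specifies because something other than newsyslog created them. The following read-only check for that condition is an added example, not code from the thread or from FreeBSD; the sample configuration, the file names and the `root` test prefix are constructed, and it assumes the `logfilename [owner:group] mode ...` field order of newsyslog.conf.

```python
import os
import stat
import tempfile

# Constructed sample in newsyslog.conf layout (not taken from the thread).
SAMPLE_CONF = """\
# logfilename        [owner:group]  mode count size when flags
/var/log/auth.log                   600  7     100  *    JC
/var/log/app.log     root:wheel     640  5     100  *    C
/var/log/new.log                    600  3     100  *    C
"""

def parse_conf(text):
    """Return [(path, owner_group_or_None, mode)] from newsyslog.conf text."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0].startswith("<"):
            continue  # blank line, comment, or <include>-style directive
        owner = fields[1] if ":" in fields[1] else None
        mode_field = fields[2] if owner and len(fields) > 2 else fields[1]
        try:
            entries.append((fields[0], owner, int(mode_field, 8)))
        except ValueError:
            continue  # not a log entry line
    return entries

def audit(entries, root=""):
    """Report missing files and modes granting bits the config does not."""
    findings = []
    for path, _owner, want in entries:
        try:
            have = stat.S_IMODE(os.stat(root + path).st_mode)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if have & ~want:
            findings.append((path, "mode %04o wider than configured %04o" % (have, want)))
    return findings

def demo():
    """Throwaway tree: auth.log exists as 0644, as if newsyslog did not create it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(root + "/var/log")
        for name, mode in (("auth.log", 0o644), ("app.log", 0o640)):
            full = root + "/var/log/" + name
            open(full, "w").close()
            os.chmod(full, mode)
        return audit(parse_conf(SAMPLE_CONF), root)

if __name__ == "__main__":
    for path, problem in demo():
        print(path, problem)
```

Ownership is parsed but not compared here; run against a real system with `audit(parse_conf(open("/etc/newsyslog.conf").read()))`.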