/var/spool/rsyslog owner incorrect on Precise

sous-chefs / rsyslog

Development repository for the rsyslog cookbook

https://supermarket.chef.io/cookbooks/rsyslog

Apache License 2.0

65 stars 199 forks source link

/var/spool/rsyslog owner incorrect on Precise #66

Closed tas50 closed 9 years ago

tas50 commented 9 years ago

The cookbook incorrectly changes the owner on /var/spool/rsyslog when running on precise.

directory[/var/spool/rsyslog] action create
- change owner from 'syslog' to 'root'
- change group from 'adm' to 'root'

The existing privs are the correct ones laid down by the package.

tas50 commented 9 years ago

This cookbook actually mangles the privs for rsyslog and presents a pretty big security hole. rsyslog on precise should be running as the syslog, but it's running as root due to bad if statement int he attributes file. All the config file perms have changed from rsyslog/admin over to root/root and the line to drop privs is removed from the config.

tas50 commented 9 years ago

This has been fixed