diff options
author | Rainer Gerhards <rgerhards@adiscon.com> | 2008-11-26 14:17:36 +0100 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2008-11-26 14:17:36 +0100 |
commit | dc478db1ca80ef222f83985b539dfec1c66063e2 (patch) | |
tree | 55e26c44026d2046b079715a8ed950defd4c1c40 /doc/rsyslog_conf_global.html | |
parent | 57c9a3accee3a3e9b46d984c76c9aae7e2ec9c27 (diff) | |
download | rsyslog-dc478db1ca80ef222f83985b539dfec1c66063e2.tar.gz rsyslog-dc478db1ca80ef222f83985b539dfec1c66063e2.tar.xz rsyslog-dc478db1ca80ef222f83985b539dfec1c66063e2.zip |
added ability to drop privileges
Added $PrivDropToGroup, $PrivDropToUser, $PrivDropToGroupID,
$PrivDropToUserID config directives to enable dropping privileges.
This is an effort to provide a security enhancement. For the limits of this
approach, see http://wiki.rsyslog.com/index.php/Security
Diffstat (limited to 'doc/rsyslog_conf_global.html')
-rw-r--r-- | doc/rsyslog_conf_global.html | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/rsyslog_conf_global.html b/doc/rsyslog_conf_global.html index bc618dd0..d02245e3 100644 --- a/doc/rsyslog_conf_global.html +++ b/doc/rsyslog_conf_global.html @@ -200,6 +200,11 @@ time calls should usually be acceptable. The default value is two, because we ha seen that even without optimization the kernel often returns twice the identical time. You can set this value as high as you like, but do so at your own risk. The higher the value, the less precise the timestamp. +<li><a href="droppriv.html">$PrivDropToGroup</a></li> +<li><a href="droppriv.html">$PrivDropToGroupID</a></li> +<li><a href="droppriv.html">$PrivDropToUser</a></li> +<li><a href="droppriv.html">$PrivDropToUserID</a></li> +</ul> <li><a href="rsconf1_umask.html">$UMASK</a></li> </ul> <p><b>Where <size_nbr> is specified above,</b> |