diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/rsconf1_omfileforcechown.html | 64 | ||||
-rw-r--r-- | doc/rsyslog_conf_global.html | 1 |
2 files changed, 65 insertions, 0 deletions
diff --git a/doc/rsconf1_omfileforcechown.html b/doc/rsconf1_omfileforcechown.html new file mode 100644 index 00000000..7415a6f6 --- /dev/null +++ b/doc/rsconf1_omfileforcechown.html @@ -0,0 +1,64 @@ +<html> +<head> +<title>rsyslog.conf file</title> +</head> +<body> +<a href="rsyslog_conf_global.html">back</a> + +<h2>$omfileForceChown</h2> +<p><b>Type:</b> global configuration directive</p> +<p><b>Parameter Values:</b> boolean (on/off, yes/no)</p> +<p><b>Available since:</b> 4.7.0+, 5.3.0+</p> +<p><b>Default:</b> off</p> +<p><b>Description:</b></p> +<p>Forces rsyslogd to change the ownership for output files that already exist. Please note +that this tries to fix a potential problem that exists outside the scope of rsyslog. Actually, +it tries to fix invalid ownership/permission settings set by the original file creator. +<p>Rsyslog changes the ownership during initial execution with root privileges. When a privelege +drop is configured, privileges are dropped after the file owner ship is changed. Not that this currently +is a limitation in rsyslog's privilege drop code, which is on the TODO list to be removed. See Caveats +section below for the important implications. +<p><b>Caveats:</b></p> +<p>This directive tries to fix a problem that actually is outside the scope of rsyslog. As such, +there are a couple of restrictions and situations in which it will not work. <b>Users are strongly +encouraged to fix their system instead of turning this directive on</b> - it should only be used +as a last resort. +<p>At least in the following scenario, this directive will fail expectedly: +<p>It does not address +the situation that someone changes the ownership *after* rsyslogd has started. +Let's, for example, consider a log rotation script. +<ul> +<li>rsyslog is started +<li>ownership is changed +<li>privileges dropped +<li>log rotation (lr) script starts +<li>lr removes files +<li>lr creates new files with root:adm (or whatever else) +<li>lr HUPs rsyslogd +<li>rsyslogd closes files +<li>rsyslogd tries to open files +<li>rsyslogd tries to change ownership --> fail as we are non-root now +<li>file open fails +</ul> + +Please note that once the privilege drop code is refactored, this directive will +no longer work, because then privileges will be dropped before any action is performed, +and thus we will no longer be able to chown files that do not belong to the +user rsyslogd is configured to run under. + +<p>So <b>expect the directive to go away</b>. It will not +be removed in version 4, but may disappear at any time for any version greater than 4. + +<p><b>Sample:</b></p> +<p><code><b>$FileOwner loguser</b> +<br><b>$omfileForceChown on</b></code></p> + +<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] [<a href="manual.html">manual +index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the +<a href="http://www.rsyslog.com/">rsyslog</a> project.<br> +Copyright © 2007 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and +<a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL +version 2 or higher.</font></p> +</body> +</html> diff --git a/doc/rsyslog_conf_global.html b/doc/rsyslog_conf_global.html index 74255c54..5f80f92e 100644 --- a/doc/rsyslog_conf_global.html +++ b/doc/rsyslog_conf_global.html @@ -225,6 +225,7 @@ error recovery thus can handle write errors without data loss. Note that this op severely reduces the effect of zip compression and should be switched to off for that use case. Note that the default -off- is primarily an aid to preserve the traditional syslogd behaviour.</li> +<li><a href="rsconf1_omfileforcechown.html">$omfileForceChown</a> - force ownership change for all files</li> <li><b>$RepeatedMsgContainsOriginalMsg</b> [on/<b>off</b>] - "last message repeated n times" messages, if generated, have a different format that contains the message that is being repeated. Note that only the first "n" characters are included, with n to be at least 80 characters, most |