Just another IT blog

Running syslog-ng as unprivileged user

By default, at least in Debian/Ubuntu, syslog-ng is launched with root privileges. This is not good. Let’s try to run it from syslog user, like rsyslog.

Give it required permissions on /var/lib/syslog-ng:

chown syslog /var/lib/syslog-ng

Modify service config script /etc/default/syslog-ng:

SYSLOGNG_OPTS="-u syslog -g syslog"

if [ ! -e /var/run/syslog-ng.pid ] then
	touch /var/run/syslog-ng.pid
fi
chown syslog /var/run/syslog-ng.pid
chmod 0664 /var/run/syslog-ng.pid

We added required user and group to daemon options and created pid file for it: it creates pid before dropping privileges, so later it can’t use it. At least I saw this behaviour in syslog-ng 3.5 from Ubuntu 14.04.Trusty. Restart syslog-ng service.

Voila! Now it is running from unprivileged user syslog.


License: This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License Share: share on reddit share on hacker news share on facebook share on twitter share on linkedin share on slashdot