Would you want to try (and comment on) the attached patch? Greetings Marc
diff --git a/AdduserLogging.pm b/AdduserLogging.pm
index dd39d26..0ecb959 100644
--- a/AdduserLogging.pm
+++ b/AdduserLogging.pm
@@ -50,6 +50,8 @@ my $stderrmsglevel="error";
 my $stdoutmsglevel="error";
 my $logmsglevel="info";;
 my $loggerparms="";
+my $has_sys_admin;
+my $logger_id_option;
 my $logtrace=$ENV{"ADDUSER_LOGTRACE"};

 sub gtx {
@@ -109,15 +111,36 @@ sub logmsglevel {
 }
 };

+sub check_sys_admin {
+ # this checks for SYS_ADMIN privilege, see #1074567
+ return $has_sys_admin if defined $has_sys_admin;
+ open my $fh, '<', '/proc/self/status' or die "Can't open /proc/self/status: $!";
+
+ while (my $line = <$fh>) {
+ if ($line =~ /^CapEff:\s+[0-9a-fA-F]{10}([0-9a-fA-F]+)/) {
+ my $cap_eff = hex($1);
+ # Check if the CAP_SYS_ADMIN bit (21st bit) is set
+ $has_sys_admin = $cap_eff & (1 << 21);
+ last;
+ }
+ }
+ close $fh;
+ return $has_sys_admin;
+}
+
 sub log_to_syslog {
 # use a pipe or system to logger, which is in bsdutils and thus essential
 # use --id=adduser[pid]
 # make logger parameters configurable (--udp, --journald, for example)
 my ($prio, $data) = @_;
 my $facility = 'user';
- # $$ would be $PID of we had English.pm
+ if( ! defined $logger_id_option ) {
+ # $$ would be $PID of we had English.pm
+ $logger_id_option="--id=". $$;
+ $logger_id_option="" if ! check_sys_admin;
+ }
 my @command= ("logger",
- "--id=". $$,
+ $logger_id_option,
 "--tag=". progname(),
 "--priority=". $facility.".".$prio,
 $loggerparms, "--",
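Review bot: In `check_sys_admin` the `open ... or die` turns a logging helper into a fatal error whenever `/proc/self/status` cannot be read (for example a chroot without /proc mounted); falling back to "capability absent" looks safer, e.g. `open my $fh, '<', '/proc/self/status' or return ($has_sys_admin = 0);`. If no `CapEff:` line matches, `$has_sys_admin` stays undef, so the result is never cached and the default is implicit; a `$has_sys_admin = 0;` before the loop would fix both. The regex relies on the field being exactly 16 hex digits (it skips 10 and tests bit 21 of the remaining ones), and "21st bit" in the comment is really bit 21 counted from zero, so a comment like `# CapEff is 16 hex digits; keep the low 24 bits and test bit 21 (CAP_SYS_ADMIN, zero-based)` would help. In `log_to_syslog`, an empty `$logger_id_option` is still passed as a `""` element of `@command`; how the list is executed is outside the hunk, so either confirm logger does not take it as message text or build the element conditionally with `(length $logger_id_option ? $logger_id_option : ()),`. The body of `log_to_syslog` continues past the end of the hunk.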