On 20.01.2012 00:49, Jamie Strandboge wrote: > Package: rsyslog > Version: 5.8.6-1 > Severity: normal > Tags: patch > User: ubuntu-de...@lists.ubuntu.com > Usertags: origin-ubuntu precise ubuntu-patch > > Dear Maintainer, > > I'd like for you to consider applying the attached patch to achieve the > following: > > * debian/rsyslog.conf: set $WorkDirectory to /var/spool/rsyslog, which is > the example location in documentation. When not configured it defaults to > '/', which is undesirable. (LP: #918947) > * debian/rsyslog.dirs: add /var/spool/rsyslog/ > > This is Launchpad bug #918947[1]. > > In testing the imfile functionality, I learned that when $WorkDirectory > is not explicitly set, it defaults to '/'. This means that state files > are written directly in / (other rsyslog functionality presumably also > uses WorkDirectory). This violates the FHS and is generally unexpected. > > Granted, it appears that at least with imfile, the file is created then > immediately unlinked while keeping the fd open so people won't typically > see these files in / (I am not sure of the other uses of WorkDirectory).
The WorkDirectory is used for state files (imfile, as you already noticed) and for spool files when you use disk-based buffering for reliable remote syslog In this case, if the remote host is down you buffer the syslog messages instead of discarding them. So in both cases, this needs explicit configuration, to enable those features. But especially for imfile it is easy to forget to set WorkDirectory, so setting it to a sane default does make sense, that's why I've merged your patch, thanks As Ubuntu run rsyslog as unprivileged user, you need to check if rsyslog sets up those files before dropping its privileges (I haven't checked that). Otherwise you need to adjust the permissions/owner of /var/spool/rsyslog in postinst. Cheers, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
