Comment 30 for bug 407862

I couldn't agree more, and that is why I say that this work-around will be broken once rsyslog's privilege drop code has been rewritten. As stated in the wiki, the current solution is a quick and dirty one, provided only because there seems to be some value in providing it over not providing it.

However, as far as this problem is concerned, this is not over root access or non-root access. The issue is that rsyslogd should run as non-root. Let's assume it finally has decent code to do that. Then it will run, from the start on, as non-root. But then rsyslog.conf specifies that rsyslogd shall write to files where it has no permissions. My point is that either rsyslog.conf is invalid OR the files have been created with wrong permissions. In any case, it is not something that rsyslog can/should fix, because it is outside the scope of its configuration and capabilities. I would consider it the wrong approach to create a root child process just to write to some files, which apparently are set not to be accessible for the daemon users. IMHO this is an inconsistent system setup, and *that* root cause needs to be fixed.

Rainer