It seems that this was partly my mistake, as the permissions of the fifo file were wrong. But this means that rsyslog opened the fifo before dropping privileges and was thus able to open it as root. When the HUP signal is sent, reopening the fifo fails because rsyslog is no longer run as root.
It seems that this was partly my mistake, as the permissions of the fifo file were wrong. But this means that rsyslog opened the fifo before dropping privileges and was thus able to open it as root. When the HUP signal is sent, reopening the fifo fails because rsyslog is no longer run as root.
This is a known issue, and there's more info here: http:// wiki.rsyslog. com/index. php/Security# Dropping_ Privileges. It seems that the privilege dropping has not been implemented in a very secure manner.