I have an application which writes a logfile in /var/app/applog.log. This application has to be launched as root, but runs as app:app and can also be demoted to nobody:nobody.
What exactly is nobody:nobody and what privileges does it have?
Is it best to run my app as app:app or nobody:nobody?
The logfile has the same user as the daemon that creates it (app or nobody), but for some reason it belongs to the root group.
I have seen that rsyslog uses the syslog user and, depending on configuration, uses the adm group (I have seen many guides that recommend using this group for rsyslog. What does this group do and is it safe to use it for rsyslog?)
My rsyslog.conf looks like this:
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup adm
For rsyslog to be able to read my app's log I have to change the logfile group to adm, and for some reason I also have to add rsyslog to the adm group (even though I specify the adm group in the conf) for rsyslog to be able to read the file.
Which user:group should the logfiles have, and which is the safest way to allow rsyslog to read them?
In the end I want my daemon to only be able to write to these logs and rsyslog to only be able to read them. No user other than root should be able to read or modify the logs. Any ideas?
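
An added example, not part of the original post: a small Python model of the POSIX owner/group/other permission check, applied to the logfile layouts the question describes (owner app, group root or adm, mode 0640). The numeric IDs, the "other" user and the helpers `allowed` and `audit` are constructed for illustration; it assumes rsyslog ends up running as syslog with adm among its groups.

```python
# Constructed process credentials: name -> (uid, set of effective + supplementary gids).
# Real values come from /etc/passwd and /etc/group on the host.
GID = {"root": 0, "adm": 4, "app": 1001, "syslog": 110}
PROCS = {
    "root":   (0,    {GID["root"]}),
    "app":    (1001, {GID["app"]}),
    "syslog": (104,  {GID["adm"]}),     # assumed: rsyslog after dropping to syslog:adm
    "other":  (2000, {2000}),           # any unrelated local user
}

def allowed(mode, f_uid, f_gid, proc, want):
    """POSIX class selection: owner bits, else group bits, else other bits."""
    uid, gids = PROCS[proc]
    if uid == 0:
        return True                      # root bypasses the mode bits
    shift = 6 if uid == f_uid else 3 if f_gid in gids else 0
    return bool((mode >> shift) & (4 if want == "r" else 2))

def audit(mode, owner, group, writer="app", reader="syslog"):
    """List deviations from: writer can write, reader can only read, nobody else."""
    f_uid, f_gid = PROCS[owner][0], GID[group]
    findings = []
    if not allowed(mode, f_uid, f_gid, writer, "w"):
        findings.append(f"{writer} cannot write")
    if not allowed(mode, f_uid, f_gid, reader, "r"):
        findings.append(f"{reader} cannot read")
    if allowed(mode, f_uid, f_gid, reader, "w"):
        findings.append(f"{reader} can write")
    for want in ("r", "w"):
        if allowed(mode, f_uid, f_gid, "other", want):
            findings.append(f"other users have '{want}' access")
    return findings

if __name__ == "__main__":
    # Layouts to compare: the one the question reports, then candidate fixes.
    for mode, owner, group in [(0o640, "app", "root"), (0o640, "app", "adm"),
                               (0o644, "app", "adm"), (0o660, "app", "adm")]:
        print(f"{owner}:{group} {mode:04o} ->", audit(mode, owner, group) or "ok")
```

The model covers only the file's own mode bits; every directory on the path to the logfile must also be searchable (execute bit) by the reading process.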