LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Blogs > sag47
User Name
Password

Notices

Rate this Entry

Creating special devices to solve problems

Posted 01-19-2012 at 03:53 PM by sag47
Updated 01-21-2012 at 11:41 PM by sag47
Tags jboss, mknod

With tax season coming up I have been asked to set up a certain centralized tax service for a company. I won't mention the company nor the well known tax program involved as this post isn't about flaming a product but just to show you how cool commands in Linux can be used to solve, what would originally seem like, complicated problems.

Here's the scenario. The software runs on JBoss (a java app server) and it has log output. During client testing with fake social security numbers I noticed that they were getting output into the log. For security purposes this is unacceptable. After thinking for a while the solution I came up with was this... I want to output the log into /dev/null. But how? How indeed, and here's what I did.

I remember that the mknod command is used for special devices so I looked at the man documentation.

The relevant portions of the man page are...
Code:
--- *snip* ---
SYNOPSIS
       mknod [OPTION]... NAME TYPE [MAJOR MINOR]

DESCRIPTION
--- *snip* ---
       c, u   create a character (unbuffered) special file
--- *snip* ---
Now let's look at the file listing for /dev/null.
Code:
$ ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 2012-01-12 10:12 /dev/null
The first character in the permissions is the filetype. Normally you see d for directory, - for file, or l for a symbolic link as an example. Here specifically it is a character special file.

Also notice the "1, 3" in the file listing. Those are the device special major and minor numbers. I'm not sure where there's a list of all of the different types of numbers but if you know please post in the comments. Here though we basically know how we want the file to behave and had a file we could analyze to get the major and minor numbers so that mknod knows what kind of special device we're creating.

So now I just go to where the log file is outputting and create a null special device in the file name where the log name would normally be. Let's say, hypothetically, that our offending log output file is located at /opt/jboss/log/program.log. Here's the commands to create the special device and match it be the same type as /dev/null.
Code:
cd /opt/jboss/log/
rm program.log
mknod program.log c 1 3
chmod 666 program.log
My jboss instance runs under user jboss but my program.log special device is owned by root with permissions 666. That's because I don't want jboss or the app to be able to rename or move the special device.

Now when log output is written to the log file it will simply be going into a null-like file which isn't recorded. Of course if you ever need to troubleshoot you'll have to remove this special file so that it can write to a log file again for output. But for normal usage of the app I'd say this is a pretty good solution to a closed source proprietary program which was simple for the problem at hand.

SAM
Posted in Uncategorized
Views 579 Comments 0
« Prev     Main     Next »
Total Comments 0

Comments

 

  



All times are GMT -5. The time now is 09:52 AM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration