> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Michael Maymann
> Sent: Tuesday, January 31, 2012 4:04 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] rsyslog as non-root user
> 
> Hi,
> 
> Rainer: thanks for this...:-) !
> 
> Now I have added the following to rsyslog.conf:
> $PrivDropToGroup <GROUP>
> $PrivDropToUser <USER>
> 
> When starting rsyslog, it hangs for a long time and fails - but processes are
> started fine and everything is otherwise working fine:
> # service rsyslog start
> Starting system logger:                                    [FAILED]
> 
> Running processes during hang...:
> root     26710 20551  0 16:48 pts/0    00:00:00 /bin/sh /sbin/service rsyslog start
> root     26715 26710  0 16:48 pts/0    00:00:00 /bin/bash /etc/init.d/rsyslog start
> root     26718 26715  0 16:48 pts/0    00:00:00 /bin/bash -c ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/rsyslogd -c 6
> root     26719 26718  0 16:48 pts/0    00:00:00 /usr/sbin/rsyslogd -c 6
> <USER> 26724 26719  0 16:48 ?        00:00:00 /usr/sbin/rsyslogd -c 6
> 
> Running processes after "failed" statement:
> <USER> 26724     1  0 16:48 ?        00:00:00 /usr/sbin/rsyslogd -c 6
> 
> Stopping rsyslog causes no problem though...
> # service rsyslog stop
> Shutting down system logger:                               [  OK  ]
> 
> It doesn't state anything wrong in the logs:
> 2012-01-31T16:48:55.612782+02:00 HOSTNAME rsyslogd: [origin software="rsyslogd" swVersion="6.3.6" x-pid="26724" x-info="http://www.rsyslog.com"] start
> 2012-01-31T16:48:55.612664+02:00 HOSTNAME rsyslogd: rsyslogd's groupid changed to <ID>
> 2012-01-31T16:48:55.612709+02:00 HOSTNAME rsyslogd: rsyslogd's userid changed to <ID>
> 
> Rainer: It is working now, but FYI: I will send you the debug information
> directly...

Yeah, that would be great. Be sure to include a full debug log.

Rainer
> 
> Thanks for your help :-) !
> 
> 
> Br.
> ~maymann
> 
> 
> 2012/1/31 Rainer Gerhards <[email protected]>
> 
> > The right approach is to use the permission drop features of rsyslog
> > to make it itself run as non-root. In v6, it will run as root only to
> > open critical things (like the UDP ports) and then drops privileges
> > (in a way that never can be undone without a full restart).
> >
> > HTH
> > Rainer
> >
> > > -----Original Message-----
> > > From: [email protected] [mailto:rsyslog-
> > > [email protected]] On Behalf Of Michael Maymann
> > > Sent: Tuesday, January 31, 2012 3:02 PM
> > > To: [email protected]
> > > Subject: [rsyslog] rsyslog as non-root user
> > >
> > > Hi,
> > >
> > > I have now setup a 6.3.6-devel rsyslog server that is working fine running as
> > > root.
> > > I would like to run it as non-root user as my logfiles are located on NFS (and
> > > root export of NFS is generally not a good idea !).
> > >
> > > Here is my rsyslog.conf:
> > > #LOAD MODULES
> > > $ModLoad imudp
> > > $UDPServerRun 514
> > > $UDPServerAddress 127.0.0.1
> > > $ModLoad imtcp
> > > $InputTCPServerRun 514
> > > #SET DESTINATION FOR LOGS
> > > $template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
> > > $template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
> > > $template DYNmaillog,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
> > > $template DYNcron,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
> > > $template DYNspooler,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
> > > $template DYNboot,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
> > > $template DYNtraps,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
> > > #SET LOGGING CONDITIONS
> > > if $syslogseverity <= '6' then ?DYNmessages
> > > if $syslogfacility-text == 'authpriv' then ?DYNsecure
> > > if $syslogfacility-text == 'mail' then ?DYNmaillog
> > > if $syslogfacility-text == 'cron' then ?DYNcron
> > > if $syslogseverity-text == 'crit' then ?DYNspooler
> > > if $syslogfacility-text == 'local7' then ?DYNboot
> > > if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' then ?DYNtraps
> > >
> > > Here is my logfile when I try to start rsyslog as a non-root user:
> > > 2012-01-31T15:45:52.997693+02:00 <hostname> rsyslogd: [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" x-info="http://www.rsyslog.com"] start
> > > 2012-01-31T15:45:52.997294+02:00 <hostname> rsyslogd: bind: Permission denied
> > > 2012-01-31T15:45:52.997369+02:00 <hostname> rsyslogd: bind: Permission denied
> > > 2012-01-31T15:45:52.997374+02:00 <hostname> rsyslogd: No UDP listen socket could successfully be initialized, message reception via UDP disabled.
> > > 2012-01-31T15:45:52.997376+02:00 <hostname> rsyslogd: imudp: no listeners could be started, input not activated.
> > > 2012-01-31T15:45:52.997379+02:00 <hostname> rsyslogd3: activation of module imudp failed [try http://www.rsyslog.com/e/-3 ]
> > > 2012-01-31T15:45:52.997643+02:00 <hostname> rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]
> > >
> > > So permissions to bind and sockets seems to be the problem...
> > >
> > > 1. Is it possible to make rsyslog write logfiles as a non-root user - if yes: how ?
> > > 2a. Is it possible to add permissions for non-root user to run rsyslog server - if yes: how ?
> > > 2b. How do I start rsyslog during boot as non-root user - can chkconfig do this ? do I need to edit /etc/init.d/rsyslog - if yes: how ?
> > >
> > >
> > > Thanks in advance :-) !
> > > ~maymann
> > > _______________________________________________
> > > rsyslog mailing list
> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
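
The bind-then-drop sequence described in the thread (open the privileged port as root, then give up root in a way that cannot be undone), as an added C example; it is not rsyslog's source code and was not posted by anyone in the thread. The function names and the uid/gid value 65534 are assumptions for illustration.

```c
/* Added example: bind-then-drop. Not rsyslog source code. */
#define _DEFAULT_SOURCE 1            /* exposes setgroups() in glibc */
#include <arpa/inet.h>
#include <grp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on 127.0.0.1; ports below 1024 normally need root. */
int open_udp_listener(unsigned short port)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0) { close(fd); return -1; }
    return fd;
}

/* Permanently become uid/gid. Returns 0 only when the drop is verified. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        if (setgroups(1, &gid) != 0) return -1; /* shed root's extra groups */
        if (setgid(gid) != 0) return -1;        /* before setuid: needs root */
        if (setuid(uid) != 0) return -1;        /* real, effective, saved uid */
    }
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;  /* root came back: not dropped */
    return 0;
}

int main(void)
{
    /* 514 is the port from the thread; 65534 is an assumed unprivileged id. */
    int fd = open_udp_listener(514);
    if (fd < 0) { perror("bind"); return 1; }   /* typical when not root */
    if (drop_privileges(65534, 65534) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("listening on fd %d as uid %d gid %d\n", fd, (int)getuid(), (int)getgid());
    close(fd);
    return 0;
}
```

Started as an ordinary user it stops at the bind step, the same "bind: Permission denied" that appears in the log from the first message; started as root it keeps the already-open socket after the drop.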