On Tue, 31 Jan 2012, Michael Maymann wrote:

Hi,

I have now set up a 6.3.6-devel rsyslog server that is working fine running
as root.
I would like to run it as non-root user as my logfiles are located on NFS
(and root export of NFS is generally not a good idea !).

Here is my rsyslog.conf:
#LOAD MODULES
$ModLoad imudp
$UDPServerRun 514
$UDPServerAddress 127.0.0.1
$ModLoad imtcp
$InputTCPServerRun 514
#SET DESTINATION FOR LOGS
$template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
$template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
$template DYNmaillog,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
$template DYNcron,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
$template DYNspooler,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
$template DYNboot,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
$template DYNtraps,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
#SET LOGGING CONDITIONS
if $syslogseverity <= '6' then ?DYNmessages
if $syslogfacility-text == 'authpriv' then ?DYNsecure
if $syslogfacility-text == 'mail' then ?DYNmaillog
if $syslogfacility-text == 'cron' then ?DYNcron
if $syslogseverity-text == 'crit' then ?DYNspooler
if $syslogfacility-text == 'local7' then ?DYNboot
if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' then ?DYNtraps

Here is my logfile when I try to start rsyslog as a non-root user:
2012-01-31T15:45:52.997693+02:00 <hostname> rsyslogd: [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" x-info="http://www.rsyslog.com"] start
2012-01-31T15:45:52.997294+02:00 <hostname> rsyslogd: bind: Permission denied
2012-01-31T15:45:52.997369+02:00 <hostname> rsyslogd: bind: Permission denied
2012-01-31T15:45:52.997374+02:00 <hostname> rsyslogd: No UDP listen socket could successfully be initialized, message reception via UDP disabled.
2012-01-31T15:45:52.997376+02:00 <hostname> rsyslogd: imudp: no listeners could be started, input not activated.
2012-01-31T15:45:52.997379+02:00 <hostname> rsyslogd3: activation of module imudp failed [try http://www.rsyslog.com/e/-3 ]
2012-01-31T15:45:52.997643+02:00 <hostname> rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]

So permissions to bind and sockets seem to be the problem...

yes, you cannot bind to ports <1024 as a normal user (without making some other non-standard changes through sysctl)

1. Is it possible to make rsyslog write logfiles as a non-root user - if
yes: how ?

permission drop features

2a. Is it possible to add permissions for non-root user to run rsyslog
server - if yes: how ?

pick a listening port > 1024 and it should work.

2b. How do I start rsyslog during boot as non-root user - can chkconfig do
this ? do I need to edit /etc/init.d/rsyslog - if yes: how ?

su can run a command as a different user.

although as Rainer points out, you may just be looking for the permission dropping features that are already in rsyslog.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
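
The two approaches mentioned in the reply above (rsyslog's permission drop features, and a listening port above 1024 started through su), written out as an added example that is not part of the original thread or the rsyslog project's own configuration. The account and group name "rsyslog", port 10514, and the file paths are assumptions; <PATH_TO> is the poster's own placeholder.

```conf
# Added example, not from the thread. Assumed names: account "rsyslog",
# group "rsyslog", port 10514, /etc/rsyslog-unpriv.conf, the pid file path.

# --- Option A: start as root, bind 514, then drop privileges ---------------
# rsyslogd opens the listeners while it is still root and then switches to
# the unprivileged account. Log files under <PATH_TO> are then created by
# that account, so the NFS export does not need to allow root access.
# <PATH_TO> must be writable by the account on the NFS server side.
$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$PrivDropToUser rsyslog
$PrivDropToGroup rsyslog

$template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
if $syslogfacility-text == 'authpriv' then ?DYNsecure

# --- Option B: never run as root, listen on an unprivileged port -----------
# Goes in a separate config file; every client must be pointed at 10514.
#   $ModLoad imudp
#   $UDPServerRun 10514
#   $ModLoad imtcp
#   $InputTCPServerRun 10514
# Started from the init script through su. The pid file directory must be
# writable by the account, because rsyslogd never has root here:
#   su -s /bin/sh -c 'rsyslogd -f /etc/rsyslog-unpriv.conf -i /var/run/rsyslog/rsyslogd.pid' rsyslog
```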
