Hi,

David: thanks - got it working with permission dropping, by far my preferred
configuration... just didn't know of it...:-) !
Rainer: please let us know if the debug info of the "permission dropping:
hang+timeout" I sent you can solve anything... anyway it works now - but
not optimal if other people have to service my setup...:-) !

Thanks in advance :-) !
~maymann

2012/2/1 <[email protected]>

> On Tue, 31 Jan 2012, Michael Maymann wrote:
>
>> Hi,
>>
>> I have now setup a 6.3.6-devel rsyslog server that is working fine running
>> as root.
>> I would like to run it as non-root user as my logfiles are located on NFS
>> (and root export of NFS is generally not a good idea !).
>>
>> Here is my rsyslog.conf:
>> #LOAD MODULES
>> $ModLoad imudp
>> $UDPServerRun 514
>> $UDPServerAddress 127.0.0.1
>> $ModLoad imtcp
>> $InputTCPServerRun 514
>> #SET DESTINATION FOR LOGS
>> $template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
>> $template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
>> $template DYNmaillog,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
>> $template DYNcron,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
>> $template DYNspooler,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
>> $template DYNboot,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
>> $template DYNtraps,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
>> #SET LOGGING CONDITIONS
>> if $syslogseverity <= '6' then ?DYNmessages
>> if $syslogfacility-text == 'authpriv' then ?DYNsecure
>> if $syslogfacility-text == 'mail' then ?DYNmaillog
>> if $syslogfacility-text == 'cron' then ?DYNcron
>> if $syslogseverity-text == 'crit' then ?DYNspooler
>> if $syslogfacility-text == 'local7' then ?DYNboot
>> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' then ?DYNtraps
>>
>> Here is my logfile when I try to start rsyslog as a non-root user:
>> 2012-01-31T15:45:52.997693+02:00 <hostname> rsyslogd: [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" x-info="http://www.rsyslog.com"] start
>> 2012-01-31T15:45:52.997294+02:00 <hostname> rsyslogd: bind: Permission denied
>> 2012-01-31T15:45:52.997369+02:00 <hostname> rsyslogd: bind: Permission denied
>> 2012-01-31T15:45:52.997374+02:00 <hostname> rsyslogd: No UDP listen socket could successfully be initialized, message reception via UDP disabled.
>> 2012-01-31T15:45:52.997376+02:00 <hostname> rsyslogd: imudp: no listeners could be started, input not activated.
>> 2012-01-31T15:45:52.997379+02:00 <hostname> rsyslogd3: activation of module imudp failed [try http://www.rsyslog.com/e/-3 ]
>> 2012-01-31T15:45:52.997643+02:00 <hostname> rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]
>>
>> So permissions to bind and sockets seems to be the problem...
>>
>
> yes, you cannot bind to ports <1024 as a normal user (without making some
> other non-standard changes through sysctl)
>
>
>> 1. Is it possible to make rsyslog write logfiles as a non-root user - if
>> yes: how ?
>>
>
> permission drop features
>
>
>> 2a. Is it possible to add permissions for non-root user to run rsyslog
>> server - if yes: how ?
>>
>
> pick a listening port > 1024 and it should work.
>
>
>> 2b. How do I start rsyslog during boot as non-root user - can chkconfig do
>> this ? do I need to edit /etc/init.d/rsyslog - if yes: how ?
>>
>
> su can run a command as a different user.
>
> although as Rainer points out, you may just be looking for the permission
> dropping features that are already in rsyslog.
>
> David Lang
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
>
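
The permission-dropping setup the thread settles on, as an added example that is not taken from any of the posters' configurations: rsyslogd is started as root so the inputs can bind port 514, then switches to an unprivileged account before the dynamic log files on NFS are opened. The account and group name "rsyslog" and the create modes are assumptions; <PATH_TO> is the placeholder from the original post, and only one of the templates is shown.

```conf
# Added example (legacy rsyslog.conf syntax), not from the original thread.
# Assumed: a local user and group both named "rsyslog" that can write to
# <PATH_TO> on the NFS export, so no root export is needed.

# LOAD MODULES
# Inputs are activated while rsyslogd still runs as root, which is what
# allows binding to ports below 1024.
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514

# DROP PRIVILEGES
# After startup rsyslogd switches to this group and user and cannot
# regain root for the rest of its lifetime.
$PrivDropToGroup rsyslog
$PrivDropToUser rsyslog

# CREATE MODES FOR DYNAMIC FILES
# Dynamic files and their directories are created on first use, after the
# drop, so they are owned by "rsyslog". These modes are still filtered by
# the process umask.
$DirCreateMode 0750
$FileCreateMode 0640

# SET DESTINATION FOR LOGS
$template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"

# SET LOGGING CONDITIONS
if $syslogseverity <= '6' then ?DYNmessages

# Alternative from David's reply: start rsyslogd directly as the non-root
# user and listen on an unprivileged port instead, for example
#   $UDPServerRun 10514
#   $InputTCPServerRun 10514
# (10514 is an arbitrary constructed value; senders must target that port.)
```

Once the daemon is up, `ps -o user,group,args -C rsyslogd` should list the unprivileged account rather than root, and new files under <PATH_TO> should be owned by it.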