> -----Original Message-----
> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Michael Maymann
> Sent: Wednesday, February 01, 2012 9:08 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] rsyslog as non-root user
>
> Hi,
>
> David: thanks - got it working with permission dropping, by far my preferred
> configuration... just didn't know of it...:-) !
> Rainer: please let us know if the debug info of the "permission dropping:
> hang+timeout" I sent you can solve anything... anyway it works now - but
> not optimal if other people have to service my setup...:-) !

I have reviewed the debug log and I see nothing unexpected. From the timestamps I also see that there is no hang whatsoever. So it looks like there is some problem with the startup script, which I don't know. I suggest to ask what the FAILED status is caused by. We can then look why this happens.

Sorry I have no better answer...
Rainer

> Thanks in advance :-) !
> ~maymann
>
> 2012/2/1 <[email protected]>
>
> > On Tue, 31 Jan 2012, Michael Maymann wrote:
> >
> >> Hi,
> >>
> >> I have now setup a 6.3.6-devel rsyslog server that is working fine running
> >> as root.
> >> I would like to run it as non-root user as my logfiles are located on NFS
> >> (and root export of NFS is generally not a good idea !).
> >>
> >> Here is my rsyslog.conf:
> >> #LOAD MODULES
> >> $ModLoad imudp
> >> $UDPServerRun 514
> >> $UDPServerAddress 127.0.0.1
> >> $ModLoad imtcp
> >> $InputTCPServerRun 514
> >> #SET DESTINATION FOR LOGS
> >> $template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
> >> $template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
> >> $template DYNmaillog,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
> >> $template DYNcron,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
> >> $template DYNspooler,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
> >> $template DYNboot,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
> >> $template DYNtraps,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
> >> #SET LOGGING CONDITIONS
> >> if $syslogseverity <= '6' then ?DYNmessages
> >> if $syslogfacility-text == 'authpriv' then ?DYNsecure
> >> if $syslogfacility-text == 'mail' then ?DYNmaillog
> >> if $syslogfacility-text == 'cron' then ?DYNcron
> >> if $syslogseverity-text == 'crit' then ?DYNspooler
> >> if $syslogfacility-text == 'local7' then ?DYNboot
> >> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' then ?DYNtraps
> >>
> >> Here is my logfile when I try to start rsyslog as a non-root user:
> >> 2012-01-31T15:45:52.997693+02:00 <hostname> rsyslogd: [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" x-info="http://www.rsyslog.com"] start
> >> 2012-01-31T15:45:52.997294+02:00 <hostname> rsyslogd: bind: Permission denied
> >> 2012-01-31T15:45:52.997369+02:00 <hostname> rsyslogd: bind: Permission denied
> >> 2012-01-31T15:45:52.997374+02:00 <hostname> rsyslogd: No UDP listen socket could successfully be initialized, message reception via UDP disabled.
> >> 2012-01-31T15:45:52.997376+02:00 <hostname> rsyslogd: imudp: no listeners could be started, input not activated.
> >> 2012-01-31T15:45:52.997379+02:00 <hostname> rsyslogd3: activation of module imudp failed [try http://www.rsyslog.com/e/-3 ]
> >> 2012-01-31T15:45:52.997643+02:00 <hostname> rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]
> >>
> >> So permissions to bind and sockets seems to be the problem...
> >
> > yes, you cannot bind to ports <1024 as a normal user (without making some
> > other non-standard changes through sysctl)
> >
> >> 1. Is it possible to make rsyslog write logfiles as a non-root user - if
> >> yes: how ?
> >
> > permission drop features
> >
> >> 2a. Is it possible to add permissions for non-root user to run rsyslog
> >> server - if yes: how ?
> >
> > pick a listening port > 1024 and it should work.
> >
> >> 2b. How do I start rsyslog during boot as non-root user - can chkconfig do
> >> this ? do I need to edit /etc/init.d/rsyslog - if yes: how ?
> >
> > su can run a command as a different user.
> >
> > although as Rainer points out, you may just be looking for the permission
> > dropping features that are already in rsyslog.
> >
> > David Lang
> >
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
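
The permission-dropping setup the thread settles on, written out as an added example (it is not configuration posted by anyone in the thread): rsyslogd is started as root so it can bind port 514, then switches to an unprivileged account before it writes any log file. The account and group name `rsyslog`, the modes, and port 10514 are assumptions; `<PATH_TO>` is the thread's own placeholder.

```conf
# Added example, not from the thread. Assumes an unprivileged account and
# group named "rsyslog" that own <PATH_TO> on the NFS export.

# Inputs: started while rsyslogd is still root, so binding port 514 succeeds.
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514

# Drop privileges once startup is complete. Everything after that, including
# creation of the dynamic files below, happens as this user and group, so the
# NFS export does not need to allow root access.
$PrivDropToUser rsyslog
$PrivDropToGroup rsyslog

# Permissions for files and directories created from the templates.
# The umask is set explicitly so it cannot widen or narrow the modes by surprise.
$Umask 0027
$FileCreateMode 0640
$DirCreateMode 0750

$template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
if $syslogseverity <= '6' then ?DYNmessages

# Alternative mentioned in the thread: start rsyslogd directly as the
# unprivileged user and listen above 1024 (senders must be pointed at that
# port). 10514 is an arbitrary choice for illustration.
# $UDPServerRun 10514
# $InputTCPServerRun 10514
```

`rsyslogd -N1` checks the file for syntax errors before a restart; afterwards `ps -o user,group,cmd -C rsyslogd` should show the unprivileged account rather than root.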

