Here is my startup script... only thing changed is the path to the new
6.3.6-rsyslog-devel binary.
The startup script also works perfectly when I comment out the
PrivDropToUser+PrivDropToGroup in /etc/rsyslog.conf - but fails if I have
both or one of the entries...:
#!/bin/bash
#
# rsyslog        Starts rsyslogd/rklogd.
#
#
# chkconfig: 2345 12 88
# description: Syslog is the facility by which many daemons use to log \
# messages to various system log files.  It is a good idea to always \
# run rsyslog.
### BEGIN INIT INFO
# Provides: $syslog
# Required-Start: $local_fs
# Required-Stop: $local_fs
# Default-Start:  2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Enhanced system logging and kernel message trapping daemons
# Description: Rsyslog is an enhanced multi-threaded syslogd supporting,
#              among others, MySQL, syslog/tcp, RFC 3195, permitted
#              sender lists, filtering on any message part, and fine
#              grain output format control.
### END INIT INFO

# Source function library.
. /etc/init.d/functions

RETVAL=0
PIDFILE=/var/run/syslogd.pid

prog=rsyslogd
#exec=/sbin/rsyslogd
exec=/usr/sbin/rsyslogd
lockfile=/var/lock/subsys/$prog

start() {
        [ -x $exec ] || exit 5

        # Source config
        if [ -f /etc/sysconfig/rsyslog ] ; then
                . /etc/sysconfig/rsyslog
        fi
        umask 077

        echo -n $"Starting system logger: "
        daemon --pidfile="${PIDFILE}" $exec $SYSLOGD_OPTIONS
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch $lockfile
        return $RETVAL
}
stop() {
        echo -n $"Shutting down system logger: "
        killproc $prog
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f $lockfile
        return $RETVAL
}
reload()  {
    RETVAL=1
    syslog=$(cat "${PIDFILE}" 2>/dev/null)
    echo -n "Reloading system logger..."
    if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then
        kill -HUP "$syslog";
        RETVAL=$?
    fi
    if [ $RETVAL -ne 0 ]; then
        failure
    else
        success
    fi
    echo
    return $RETVAL
}
rhstatus() {
        status -p "${PIDFILE}" $prog
}
restart() {
        stop
        start
}

case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        restart
        ;;
  reload|force-reload)
        reload
        ;;
  status)
        rhstatus
        ;;
  condrestart|try-restart)
        rhstatus >/dev/null 2>&1 || exit 0
        restart
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart|condrestart|try-restart|reload|force-reload|status}"
        exit 2
esac

exit $?

2012/2/2 Rainer Gerhards <[email protected]>

>
>
> > -----Original Message-----
> > From: [email protected] [mailto:rsyslog-
> > [email protected]] On Behalf Of Michael Maymann
> > Sent: Wednesday, February 01, 2012 9:08 AM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] rsyslog as non-root user
> >
> > Hi,
> >
> > David: thanks - got it working with permission dropping, by far my
> > preferred configuration... just didn't know of it...:-) !
> > Rainer: please let us know if the debug info of the "permission
> > dropping: hang+timeout" I sent you can solve anything... anyway it
> > works now - but not optimal if other people have to service my
> > setup...:-) !
>
> I have reviewed the debug log and I see nothing unexpected. From the
> timestamps I also see that there is no hang whatsoever. So it looks like
> there is some problem with the startup script, which I don't know. I
> suggest to ask what the FAILED status is caused by. We can then look why
> this happens.
>
> Sorry I have no better answer...
> Rainer
>
> >
> > Thanks in advance :-) !
> > ~maymann
> >
> > 2012/2/1 <[email protected]>
> >
> > > On Tue, 31 Jan 2012, Michael Maymann wrote:
> > >
> > >  Hi,
> > >>
> > >> I have now setup a 6.3.6-devel rsyslog server that is working fine
> > >> running as root.
> > >> I would like to run it as non-root user as my logfiles are located
> > >> on NFS (and root export of NFS is generally not a good idea !).
> > >>
> > >> Here is my rsyslog.conf:
> > >> #LOAD MODULES
> > >> $ModLoad imudp
> > >> $UDPServerRun 514
> > >> $UDPServerAddress 127.0.0.1
> > >> $ModLoad imtcp
> > >> $InputTCPServerRun 514
> > >> #SET DESTINATION FOR LOGS
> > >> $template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
> > >> $template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
> > >> $template DYNmaillog,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
> > >> $template DYNcron,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
> > >> $template DYNspooler,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
> > >> $template DYNboot,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
> > >> $template DYNtraps,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
> > >> #SET LOGGING CONDITIONS
> > >> if $syslogseverity <= '6' then ?DYNmessages
> > >> if $syslogfacility-text == 'authpriv' then ?DYNsecure
> > >> if $syslogfacility-text == 'mail' then ?DYNmaillog
> > >> if $syslogfacility-text == 'cron' then ?DYNcron
> > >> if $syslogseverity-text == 'crit' then ?DYNspooler
> > >> if $syslogfacility-text == 'local7' then ?DYNboot
> > >> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' then ?DYNtraps
> > >>
> > >> Here is my logfile when I try to start rsyslog as a non-root user:
> > >> 2012-01-31T15:45:52.997693+02:00 <hostname> rsyslogd: [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" x-info="http://www.rsyslog.com";] start
> > >> 2012-01-31T15:45:52.997294+02:00 <hostname> rsyslogd: bind: Permission denied
> > >> 2012-01-31T15:45:52.997369+02:00 <hostname> rsyslogd: bind: Permission denied
> > >> 2012-01-31T15:45:52.997374+02:00 <hostname> rsyslogd: No UDP listen socket could successfully be initialized, message reception via UDP disabled.
> > >> 2012-01-31T15:45:52.997376+02:00 <hostname> rsyslogd: imudp: no listeners could be started, input not activated.
> > >> 2012-01-31T15:45:52.997379+02:00 <hostname> rsyslogd3: activation of module imudp failed [try http://www.rsyslog.com/e/-3 ]
> > >> 2012-01-31T15:45:52.997643+02:00 <hostname> rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]
> > >>
> > >> So permissions to bind and sockets seem to be the problem...
> > >>
> > >
> > > yes, you cannot bind to ports <1024 as a normal user (without making
> > > some other non-standard changes through sysctl)
> > >
> > >
> > >> 1. Is it possible to make rsyslog write logfiles as a non-root user -
> > >> if yes: how ?
> > >>
> > >
> > > permission drop features
> > >
> > >
> > >> 2a. Is it possible to add permissions for non-root user to run
> > >> rsyslog server - if yes: how ?
> > >>
> > >
> > > pick a listening port > 1024 and it should work.
> > >
> > >
> > >> 2b. How do I start rsyslog during boot as non-root user - can
> > >> chkconfig do this ? do I need to edit /etc/init.d/rsyslog - if yes:
> > >> how ?
> > >>
> > >
> > > su can run a command as a different user.
> > >
> > > although as Rainer points out, you may just be looking for the
> > > permission dropping features that are already in rsyslog.
> > >
> > > David Lang
> > >
> > > _______________________________________________
> > > rsyslog mailing list
> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> > >
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
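
An added example, not part of the original thread and not rsyslog project code: a small shell check that reads a legacy-format rsyslog.conf and reports the two start-up situations discussed above (a non-root start that cannot bind port 514, and a root start with or without $PrivDropToUser). The helper name audit_rsyslog_conf, the user name "rsyslog", UID 500 and the sample config are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: audit a legacy-format rsyslog.conf for the two start-up
# outcomes discussed in the thread. The sample config is constructed.

# audit_rsyslog_conf CONF START_UID  (hypothetical helper name)
# Prints one finding per line; returns 0 if nothing was flagged, 1 otherwise.
audit_rsyslog_conf() (
    conf=$1; start_uid=$2; rc=0
    # Ports from the imudp/imtcp directives used in the thread's rsyslog.conf.
    ports=$(awk 'tolower($1) == "$udpserverrun" ||
                 tolower($1) == "$inputtcpserverrun" { print $2 }' "$conf")
    # The last $PrivDropToUser wins; "#"-commented lines never match.
    drop_user=$(awk 'tolower($1) == "$privdroptouser" { u = $2 }
                     END { print u }' "$conf")

    for port in $ports; do
        if [ "$start_uid" -ne 0 ] && [ "$port" -lt 1024 ]; then
            echo "FAIL port $port: non-root start cannot bind below 1024"
            rc=1
        fi
    done
    if [ "$start_uid" -eq 0 ]; then
        if [ -n "$drop_user" ]; then
            echo "OK root start, runs as '$drop_user' after startup"
        else
            echo "WARN root start without \$PrivDropToUser: files written as root"
            rc=1
        fi
    fi
    return "$rc"
)

# Constructed sample: the listeners from the thread plus a privilege drop.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$PrivDropToUser rsyslog
$PrivDropToGroup rsyslog
EOF
audit_rsyslog_conf "$sample" 0            # started by init as root
audit_rsyslog_conf "$sample" 500 || true  # started directly as UID 500
rm -f "$sample"
```

The check only covers the configuration side; it does not explain the FAILED status reported by the init script, which the thread leaves open.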
