Hi Rainer,

I really have my doubts it has something to do with my startup script:
1. I only changed the exec=/usr/sbin/rsyslogd from default
2. It works perfectly when PrivDropTo is not used in rsyslog.conf.
I'm running on RHEL6.1_x64.
Do you have a working /etc/init.d/rsyslog that you can share/I can test...?

Thanks in advance :-) !
~maymann

2012/2/2 Michael Maymann <[email protected]>

> Hi,
>
> Rainer: Sorry... forgot to mention that it doesn't say anything about failing in the logs... and it actually doesn't fail... it works and after the timeout+failed notice only the process owned by PrivDropToUser-USER is present, but now owned by the init-process (mother process dies):
>
> # service rsyslog start
> Starting system logger: [FAILED]
>
> BEFORE failed status:
> root 9126 9125 0 11:07 pts/1 00:00:00 /usr/sbin/rsyslogd -c 6
> <PrivDropToUser-USER> 9131 9126 0 11:07 ? 00:00:00 /usr/sbin/rsyslogd -c 6
>
> AFTER failed status root-owned process is killed and PrivDropToUser-USER owned process therefore gets owned by init:
> <PrivDropToUser-USER> 9131 1 0 11:07 ? 00:00:00 /usr/sbin/rsyslogd -c 6
>
> Anyone who can help with this...?:
> here is the debug output when running the init-script:
> #/etc/init.d/rsyslog start
> + . /etc/init.d/functions
> ++ TEXTDOMAIN=initscripts
> ++ umask 022
> ++ PATH=/sbin:/usr/sbin:/bin:/usr/bin
> ++ export PATH
> ++ '[' -z '' ']'
> ++ COLUMNS=80
> ++ '[' -z '' ']'
> +++ /sbin/consoletype
> ++ CONSOLETYPE=pty
> ++ '[' -f /etc/sysconfig/i18n -a -z '' -a -z '' ']'
> ++ . /etc/profile.d/lang.sh
> ++ unset LANGSH_SOURCED
> ++ '[' -z '' ']'
> ++ '[' -f /etc/sysconfig/init ']'
> ++ . /etc/sysconfig/init
> +++ BOOTUP=color
> +++ RES_COL=60
> +++ MOVE_TO_COL='echo -en \033[60G'
> +++ SETCOLOR_SUCCESS='echo -en \033[0;32m'
> +++ SETCOLOR_FAILURE='echo -en \033[0;31m'
> +++ SETCOLOR_WARNING='echo -en \033[0;33m'
> +++ SETCOLOR_NORMAL='echo -en \033[0;39m'
> +++ PROMPT=yes
> +++ AUTOSWAP=no
> +++ ACTIVE_CONSOLES='/dev/tty[1-6]'
> +++ SINGLE=/sbin/sushell
> ++ '[' pty = serial ']'
> ++ __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d'
> + RETVAL=0
> + PIDFILE=/var/run/syslogd.pid
> + prog=rsyslogd
> + exec=/usr/sbin/rsyslogd
> + lockfile=/var/lock/subsys/rsyslogd
> + case "$1" in
> + start
> + '[' -x /usr/sbin/rsyslogd ']'
> + '[' -f /etc/sysconfig/rsyslog ']'
> + . /etc/sysconfig/rsyslog
> ++ SYSLOGD_OPTIONS='-c 6'
> + umask 077
> + echo -n 'Starting system logger: '
> Starting system logger: + daemon --pidfile=/var/run/syslogd.pid /usr/sbin/rsyslogd -c 6
> + local gotbase= force= nicelevel corelimit
> + local pid base= user= nice= bg= pid_file=
> + local cgroup=
> + nicelevel=0
> + '[' --pidfile=/var/run/syslogd.pid '!=' -pidfile=/var/run/syslogd.pid ']'
> + case $1 in
> + pid_file=/var/run/syslogd.pid
> + shift
> + '[' /usr/sbin/rsyslogd '!=' /usr/sbin/rsyslogd ']'
> + '[' -z '' ']'
> + base=rsyslogd
> + __pids_var_run rsyslogd /var/run/syslogd.pid
> + local base=rsyslogd
> + local pid_file=/var/run/syslogd.pid
> + pid=
> + '[' -f /var/run/syslogd.pid ']'
> + return 3
> + '[' -n '' -a -z '' ']'
> + corelimit='ulimit -S -c 0'
> + '[' -n '' ']'
> + '[' -n '' ']'
> + '[' color = verbose -a -z '' ']'
> + '[' -z '' ']'
> + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/rsyslogd -c 6'
> ...
> (hangs here for a long time)
> ...
> + '[' 1 -eq 0 ']'
> + failure 'rsyslogd startup'
> + local rc=1
> + '[' color '!=' verbose -a -z '' ']'
> + echo_failure
> + '[' color = color ']'
> + echo -en '\033[60G'
> + echo -n '['
> [+ '[' color = color ']'
> + echo -en '\033[0;31m'
> + echo -n FAILED
> FAILED+ '[' color = color ']'
> + echo -en '\033[0;39m'
> + echo -n ']'
> ]+ echo -ne '\r'
> + return 1
> + '[' -x /usr/bin/plymouth ']'
> + /usr/bin/plymouth --details
> + return 1
> + RETVAL=1
> + echo
>
> + '[' 1 -eq 0 ']'
> + return 1
> + exit 1
>
> I have tried to give 777-access to /var/run and /var/lock/subsys - but same thing happens...
>
> Thanks in advance :-) !
>
> Br.
> ~maymann
>
> 2012/2/2 Rainer Gerhards <[email protected]>
>
>> I can only help you with that part if you point me to why exactly the script claims what it does. So you may want to try find someone who can do that. I know this is probably a trivial question, but I don't know anything ;)
>>
>> Sry, rainer
>>
>> > -----Original Message-----
>> > From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Michael Maymann
>> > Sent: Thursday, February 02, 2012 10:03 AM
>> > To: rsyslog-users
>> > Subject: Re: [rsyslog] rsyslog as non-root user
>> >
>> > Here is my startup script... only thing changed is the path to the new 6.3.6-rsyslog-devel binary.
>> > The startup script also works perfectly when I comment out the PrivDropToUser+PrivDropToGroup in /etc/rsyslog.conf - but fails if I have both or one of the entries...:
>> > #!/bin/bash
>> > #
>> > # rsyslog Starts rsyslogd/rklogd.
>> > #
>> > #
>> > # chkconfig: 2345 12 88
>> > # description: Syslog is the facility by which many daemons use to log \
>> > # messages to various system log files. It is a good idea to always \
>> > # run rsyslog.
>> > ### BEGIN INIT INFO
>> > # Provides: $syslog
>> > # Required-Start: $local_fs
>> > # Required-Stop: $local_fs
>> > # Default-Start: 2 3 4 5
>> > # Default-Stop: 0 1 6
>> > # Short-Description: Enhanced system logging and kernel message trapping daemons
>> > # Description: Rsyslog is an enhanced multi-threaded syslogd supporting,
>> > #              among others, MySQL, syslog/tcp, RFC 3195, permitted
>> > #              sender lists, filtering on any message part, and fine
>> > #              grain output format control.
>> > ### END INIT INFO
>> >
>> > # Source function library.
>> > . /etc/init.d/functions
>> >
>> > RETVAL=0
>> > PIDFILE=/var/run/syslogd.pid
>> >
>> > prog=rsyslogd
>> > #exec=/sbin/rsyslogd
>> > exec=/usr/sbin/rsyslogd
>> > lockfile=/var/lock/subsys/$prog
>> >
>> > start() {
>> >     [ -x $exec ] || exit 5
>> >
>> >     # Source config
>> >     if [ -f /etc/sysconfig/rsyslog ] ; then
>> >         . /etc/sysconfig/rsyslog
>> >     fi
>> >     umask 077
>> >
>> >     echo -n $"Starting system logger: "
>> >     daemon --pidfile="${PIDFILE}" $exec $SYSLOGD_OPTIONS
>> >     RETVAL=$?
>> >     echo
>> >     [ $RETVAL -eq 0 ] && touch $lockfile
>> >     return $RETVAL
>> > }
>> > stop() {
>> >     echo -n $"Shutting down system logger: "
>> >     killproc $prog
>> >     RETVAL=$?
>> >     echo
>> >     [ $RETVAL -eq 0 ] && rm -f $lockfile
>> >     return $RETVAL
>> > }
>> > reload() {
>> >     RETVAL=1
>> >     syslog=$(cat "${PIDFILE}" 2>/dev/null)
>> >     echo -n "Reloading system logger..."
>> >     if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then
>> >         kill -HUP "$syslog";
>> >         RETVAL=$?
>> >     fi
>> >     if [ $RETVAL -ne 0 ]; then
>> >         failure
>> >     else
>> >         success
>> >     fi
>> >     echo
>> >     return $RETVAL
>> > }
>> > rhstatus() {
>> >     status -p "${PIDFILE}" $prog
>> > }
>> > restart() {
>> >     stop
>> >     start
>> > }
>> >
>> > case "$1" in
>> >     start)
>> >         start
>> >         ;;
>> >     stop)
>> >         stop
>> >         ;;
>> >     restart)
>> >         restart
>> >         ;;
>> >     reload|force-reload)
>> >         reload
>> >         ;;
>> >     status)
>> >         rhstatus
>> >         ;;
>> >     condrestart|try-restart)
>> >         rhstatus >/dev/null 2>&1 || exit 0
>> >         restart
>> >         ;;
>> >     *)
>> >         echo $"Usage: $0 {start|stop|restart|condrestart|try-restart|reload|force-reload|status}"
>> >         exit 2
>> > esac
>> >
>> > exit $?
>> >
>> > 2012/2/2 Rainer Gerhards <[email protected]>
>> >
>> > > > -----Original Message-----
>> > > > From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Michael Maymann
>> > > > Sent: Wednesday, February 01, 2012 9:08 AM
>> > > > To: rsyslog-users
>> > > > Subject: Re: [rsyslog] rsyslog as non-root user
>> > > >
>> > > > Hi,
>> > > >
>> > > > David: thanks - got it working with permission dropping, by far my preferred configuration... just didn't know of it...:-) !
>> > > > Rainer: please let us know if the debug info of the "permission dropping: hang+timeout" I sent you can solve anything... anyway it works now - but not optimal if other people have to service my setup...:-) !
>> > >
>> > > I have reviewed the debug log and I see nothing unexpected. From the timestamps I also see that there is no hang whatsoever. So it looks like there is some problem with the startup script, which I don't know. I suggest to ask what the FAILED status is caused by. We can then look why this happens.
>> > >
>> > > Sorry I have no better answer...
>> > > Rainer
>> > >
>> > > >
>> > > > Thanks in advance :-) !
>> > > > ~maymann
>> > > >
>> > > > 2012/2/1 <[email protected]>
>> > > >
>> > > > > On Tue, 31 Jan 2012, Michael Maymann wrote:
>> > > > >
>> > > > >> Hi,
>> > > > >>
>> > > > >> I have now setup a 6.3.6-devel rsyslog server that is working fine running as root.
>> > > > >> I would like to run it as non-root user as my logfiles are located on NFS (and root export of NFS is generally not a good idea !).
>> > > > >>
>> > > > >> Here is my rsyslog.conf:
>> > > > >> #LOAD MODULES
>> > > > >> $ModLoad imudp
>> > > > >> $UDPServerRun 514
>> > > > >> $UDPServerAddress 127.0.0.1
>> > > > >> $ModLoad imtcp
>> > > > >> $InputTCPServerRun 514
>> > > > >> #SET DESTINATION FOR LOGS
>> > > > >> $template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
>> > > > >> $template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
>> > > > >> $template DYNmaillog,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
>> > > > >> $template DYNcron,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
>> > > > >> $template DYNspooler,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
>> > > > >> $template DYNboot,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
>> > > > >> $template DYNtraps,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
>> > > > >> #SET LOGGING CONDITIONS
>> > > > >> if $syslogseverity <= '6' then ?DYNmessages
>> > > > >> if $syslogfacility-text == 'authpriv' then ?DYNsecure
>> > > > >> if $syslogfacility-text == 'mail' then ?DYNmaillog
>> > > > >> if $syslogfacility-text == 'cron' then ?DYNcron
>> > > > >> if $syslogseverity-text == 'crit' then ?DYNspooler
>> > > > >> if $syslogfacility-text == 'local7' then ?DYNboot
>> > > > >> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' then ?DYNtraps
>> > > > >>
>> > > > >> Here is my logfile when I try to start rsyslog as a non-root user:
>> > > > >> 2012-01-31T15:45:52.997693+02:00 <hostname> rsyslogd: [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" x-info="http://www.rsyslog.com"] start
>> > > > >> 2012-01-31T15:45:52.997294+02:00 <hostname> rsyslogd: bind: Permission denied
>> > > > >> 2012-01-31T15:45:52.997369+02:00 <hostname> rsyslogd: bind: Permission denied
>> > > > >> 2012-01-31T15:45:52.997374+02:00 <hostname> rsyslogd: No UDP listen socket could successfully be initialized, message reception via UDP disabled.
>> > > > >> 2012-01-31T15:45:52.997376+02:00 <hostname> rsyslogd: imudp: no listeners could be started, input not activated.
>> > > > >> 2012-01-31T15:45:52.997379+02:00 <hostname> rsyslogd3: activation of module imudp failed [try http://www.rsyslog.com/e/-3 ]
>> > > > >> 2012-01-31T15:45:52.997643+02:00 <hostname> rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]
>> > > > >>
>> > > > >> So permissions to bind and sockets seems to be the problem...
>> > > > >
>> > > > > yes, you cannot bind to ports <1024 as a normal user (without making some other non-standard changes through sysctl)
>> > > > >
>> > > > >> 1. Is it possible to make rsyslog write logfiles as a non-root user - if yes: how ?
>> > > > >
>> > > > > permission drop features
>> > > > >
>> > > > >> 2a. Is it possible to add permissions for non-root user to run rsyslog server - if yes: how ?
>> > > > >
>> > > > > pick a listening port > 1024 and it should work.
>> > > > >
>> > > > >> 2b. How do I start rsyslog during boot as non-root user - can chkconfig do this ? do I need to edit /etc/init.d/rsyslog - if yes: how ?
>> > > > >
>> > > > > su can run a command as a different user.
>> > > > >
>> > > > > although as Rainer points out, you may just be looking for the permission dropping features that are already in rsyslog.
>> > > > >
>> > > > > David Lang
>> > > > >
>> > > > > _______________________________________________
>> > > > > rsyslog mailing list
>> > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
>> > > > > http://www.rsyslog.com/professional-services/
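
The two start-up modes discussed in this thread (starting rsyslogd as an ordinary user versus starting it as root and letting it drop privileges) can be checked against a config before the daemon is launched. The script below is an added example, not code from the thread or from the rsyslog project; `check_rsyslog_privs` and the account name `logwriter` are hypothetical, and it assumes, as the thread reports, that listeners on port 514 work when the daemon starts as root and then drops privileges.

```shell
#!/bin/sh
# Added example, not from the thread. check_rsyslog_privs is a hypothetical
# helper: it reads a legacy-format rsyslog.conf and predicts what happens when
# rsyslogd is started with the given UID.
# Usage: check_rsyslog_privs <config-file> <start-uid>
check_rsyslog_privs() {
    awk -v uid="$2" '
        { sub(/#.*/, ""); key = tolower($1) }    # drop comments, ignore case
        key == "$udpserverrun" || key == "$inputtcpserverrun" {
            proto = (key == "$udpserverrun") ? "udp" : "tcp"
            if ($2 + 0 < 1024) low = low " " proto "/" $2   # privileged port
        }
        key == "$privdroptouser"  { user = $2 }
        key == "$privdroptogroup" { group = $2 }
        END {
            if (uid + 0 != 0 && low != "")
                print "FAIL: uid " uid " cannot bind" low " (bind: Permission denied)"
            else if (uid + 0 != 0)
                print "OK: unprivileged start, no listener below port 1024"
            else if (user == "")
                print "WARN: no $PrivDropToUser, daemon keeps running as root"
            else {
                if (group == "") group = "<not set>"
                print "OK: root binds" low ", then drops to user=" user " group=" group
            }
        }' "$1"
}

# Constructed sample: listener directives as posted in the thread, plus the
# privilege-drop directives with a placeholder account name.
conf=$(mktemp)
cat > "$conf" <<'EOF'
#LOAD MODULES
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$PrivDropToUser logwriter
$PrivDropToGroup logwriter
EOF
check_rsyslog_privs "$conf" 500   # started as an ordinary user
check_rsyslog_privs "$conf" 0     # started as root by the init script
rm -f "$conf"
```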

