Anyone...? 2012/2/2 Rainer Gerhards <[email protected]>
> > > > -----Original Message----- > > From: [email protected] [mailto:rsyslog- > > [email protected]] On Behalf Of Michael Maymann > > Sent: Thursday, February 02, 2012 2:29 PM > > To: rsyslog-users > > Subject: Re: [rsyslog] rsyslog as non-root user > > > > Hi Rainer, > > > > I really have my doubts it has something to do with my startup script: > > 1. I only changed the exec=/usr/sbin/rsyslogd from default 2. It works > > perfectly when PrivDropTo is not used in rsyslog.conf. > > > > I'm running on RHEL6.1_x64. > > Do you have a working /etc/init.d/rsyslog what you can share/I can > test...? > > No > > rg > > > > > > Thanks in advance :-) ! > > ~maymann > > > > 2012/2/2 Michael Maymann <[email protected]> > > > > > Hi, > > > > > > Rainer: Sorry... forgot to mention that it doesn't say anything about > > > failing in the logs... and it actually doesn't fail... it works and > > > after the timeout+failed notice only the proccess owned by > > > PrivDropToUser-USER is present, but now owned by the init-proccess > > (mother proccess dies): > > > > > > # service rsyslog start > > > Starting system logger: [FAILED] > > > > > > BEFORE failed status: > > > root 9126 9125 0 11:07 pts/1 00:00:00 /usr/sbin/rsyslogd -c 6 > > > <PrivDropToUser-USER> 9131 9126 0 11:07 ? 00:00:00 > > > /usr/sbin/rsyslogd -c 6 > > > > > > AFTER failed status root-owned proccess is killed and > > > PrivDropToUser-USER owned proccess is therefore gets owned by init: > > > <PrivDropToUser-USER> 9131 1 0 11:07 ? 00:00:00 > > > /usr/sbin/rsyslogd -c 6 > > > > > > Anyone who can help with this...?: > > > here is the debug output when starting running the init-script: > > > #/etc/init.d/rsyslog start > > > + . /etc/init.d/functions > > > ++ TEXTDOMAIN=initscripts > > > ++ umask 022 > > > ++ PATH=/sbin:/usr/sbin:/bin:/usr/bin > > > ++ export PATH > > > ++ '[' -z '' ']' > > > ++ COLUMNS=80 > > > ++ '[' -z '' ']' > > > +++ /sbin/consoletype > > > ++ CONSOLETYPE=pty > > > ++ '[' -f /etc/sysconfig/i18n -a -z '' -a -z '' ']' > > > ++ . /etc/profile.d/lang.sh > > > ++ unset LANGSH_SOURCED > > > ++ '[' -z '' ']' > > > ++ '[' -f /etc/sysconfig/init ']' > > > ++ . /etc/sysconfig/init > > > +++ BOOTUP=color > > > +++ RES_COL=60 > > > +++ MOVE_TO_COL='echo -en \033[60G' > > > +++ SETCOLOR_SUCCESS='echo -en \033[0;32m' > > > +++ SETCOLOR_FAILURE='echo -en \033[0;31m' > > > +++ SETCOLOR_WARNING='echo -en \033[0;33m' > > > +++ SETCOLOR_NORMAL='echo -en \033[0;39m' > > > +++ PROMPT=yes > > > +++ AUTOSWAP=no > > > +++ ACTIVE_CONSOLES='/dev/tty[1-6]' > > > +++ SINGLE=/sbin/sushell > > > ++ '[' pty = serial ']' > > > ++ > > > > > __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\ > > .rpmsave\)$/d' > > > + RETVAL=0 > > > + PIDFILE=/var/run/syslogd.pid > > > + prog=rsyslogd > > > + exec=/usr/sbin/rsyslogd > > > + lockfile=/var/lock/subsys/rsyslogd > > > + case "$1" in > > > + start > > > + '[' -x /usr/sbin/rsyslogd ']' > > > + '[' -f /etc/sysconfig/rsyslog ']' > > > + . /etc/sysconfig/rsyslog > > > ++ SYSLOGD_OPTIONS='-c 6' > > > + umask 077 > > > + echo -n 'Starting system logger: ' > > > Starting system logger: + daemon --pidfile=/var/run/syslogd.pid > > > /usr/sbin/rsyslogd -c 6 > > > + local gotbase= force= nicelevel corelimit local pid base= user= > > > + nice= bg= pid_file= local cgroup= > > > + nicelevel=0 > > > + '[' --pidfile=/var/run/syslogd.pid '!=' -pidfile=/var/run/syslogd.pid > ']' > > > + case $1 in > > > + pid_file=/var/run/syslogd.pid > > > + shift > > > + '[' /usr/sbin/rsyslogd '!=' /usr/sbin/rsyslogd ']' > > > + '[' -z '' ']' > > > + base=rsyslogd > > > + __pids_var_run rsyslogd /var/run/syslogd.pid local base=rsyslogd > > > + local pid_file=/var/run/syslogd.pid pid= '[' -f /var/run/syslogd.pid > > > + ']' > > > + return 3 > > > + '[' -n '' -a -z '' ']' > > > + corelimit='ulimit -S -c 0' > > > + '[' -n '' ']' > > > + '[' -n '' ']' > > > + '[' color = verbose -a -z '' ']' > > > + '[' -z '' ']' > > > + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/rsyslogd -c > 6' > > > ... > > > (hangs here for a long time) > > > ... > > > + '[' 1 -eq 0 ']' > > > + failure 'rsyslogd startup' > > > + local rc=1 > > > + '[' color '!=' verbose -a -z '' ']' > > > + echo_failure > > > + '[' color = color ']' > > > + echo -en '\033[60G' > > > + echo -n > '[' > > > [+ '[' color = color ']' > > > + echo -en '\033[0;31m' > > > + echo -n FAILED > > > FAILED+ '[' color = color ']' > > > + echo -en '\033[0;39m' > > > + echo -n ']' > > > ]+ echo -ne '\r' > > > + return 1 > > > + '[' -x /usr/bin/plymouth ']' > > > + /usr/bin/plymouth --details > > > + return 1 > > > + RETVAL=1 > > > + echo > > > > > > + '[' 1 -eq 0 ']' > > > + return 1 > > > + exit 1 > > > > > > I have tried to give 777-access to /var/run and /var/lock/subsys - but > > > same thing happens... > > > > > > > > > > > > Thanks in advance :-) ! > > > > > > Br. > > > ~maymann > > > > > > > > > > > > 2012/2/2 Rainer Gerhards <[email protected]> > > > > > >> I can only help you with that part if you point me to why exactly the > > >> script claims what it does. So you may want to try find someone who > > >> can do that. > > >> I > > >> know this is probably a trivial question, but I don't know anything > > >> ;) > > >> > > >> Sry, rainer > > >> > > >> > -----Original Message----- > > >> > From: [email protected] [mailto:rsyslog- > > >> > [email protected]] On Behalf Of Michael Maymann > > >> > Sent: Thursday, February 02, 2012 10:03 AM > > >> > To: rsyslog-users > > >> > Subject: Re: [rsyslog] rsyslog as non-root user > > >> > > > >> > Here is my startup script... only thing changed is the path to the > > >> > new 6.3.6-rsyslog-devel binary. > > >> > The startup-scripts works also perfectly when i comment out the > > >> > PrivDropToUser+PrivDropToGroup in /etc/rsyslog.conf - but failes if > > >> > PrivDropToUser+i > > >> > have > > >> > both or one of the entries...: > > >> > #!/bin/bash > > >> > # > > >> > # rsyslog Starts rsyslogd/rklogd. > > >> > # > > >> > # > > >> > # chkconfig: 2345 12 88 > > >> > # description: Syslog is the facility by which many daemons use to > > >> > log \ # messages to various system log files. It is a good idea to > > >> > always \ # run rsyslog. > > >> > ### BEGIN INIT INFO > > >> > # Provides: $syslog > > >> > # Required-Start: $local_fs > > >> > # Required-Stop: $local_fs > > >> > # Default-Start: 2 3 4 5 > > >> > # Default-Stop: 0 1 6 > > >> > # Short-Description: Enhanced system logging and kernel message > > >> > trapping daemons # Description: Rsyslog is an enhanced > > >> > multi-threaded syslogd supporting, > > >> > # among others, MySQL, syslog/tcp, RFC 3195, permitted > > >> > # sender lists, filtering on any message part, and fine > > >> > # grain output format control. > > >> > ### END INIT INFO > > >> > > > >> > # Source function library. > > >> > . /etc/init.d/functions > > >> > > > >> > RETVAL=0 > > >> > PIDFILE=/var/run/syslogd.pid > > >> > > > >> > prog=rsyslogd > > >> > #exec=/sbin/rsyslogd > > >> > exec=/usr/sbin/rsyslogd > > >> > lockfile=/var/lock/subsys/$prog > > >> > > > >> > start() { > > >> > [ -x $exec ] || exit 5 > > >> > > > >> > # Source config > > >> > if [ -f /etc/sysconfig/rsyslog ] ; then > > >> > . /etc/sysconfig/rsyslog > > >> > fi > > >> > umask 077 > > >> > > > >> > echo -n $"Starting system logger: " > > >> > daemon --pidfile="${PIDFILE}" $exec $SYSLOGD_OPTIONS > > >> > RETVAL=$? > > >> > echo > > >> > [ $RETVAL -eq 0 ] && touch $lockfile > > >> > return $RETVAL > > >> > } > > >> > stop() { > > >> > echo -n $"Shutting down system logger: " > > >> > killproc $prog > > >> > RETVAL=$? > > >> > echo > > >> > [ $RETVAL -eq 0 ] && rm -f $lockfile > > >> > return $RETVAL > > >> > } > > >> > reload() { > > >> > RETVAL=1 > > >> > syslog=$(cat "${PIDFILE}" 2>/dev/null) > > >> > echo -n "Reloading system logger..." > > >> > if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then > > >> > kill -HUP "$syslog"; > > >> > RETVAL=$? > > >> > fi > > >> > if [ $RETVAL -ne 0 ]; then > > >> > failure > > >> > else > > >> > success > > >> > fi > > >> > echo > > >> > return $RETVAL > > >> > } > > >> > rhstatus() { > > >> > status -p "${PIDFILE}" $prog } > > >> > restart() { > > >> > stop > > >> > start > > >> > } > > >> > > > >> > case "$1" in > > >> > start) > > >> > start > > >> > ;; > > >> > stop) > > >> > stop > > >> > ;; > > >> > restart) > > >> > restart > > >> > ;; > > >> > reload|force-reload) > > >> > reload > > >> > ;; > > >> > status) > > >> > rhstatus > > >> > ;; > > >> > condrestart|try-restart) > > >> > rhstatus >/dev/null 2>&1 || exit 0 > > >> > restart > > >> > ;; > > >> > *) > > >> > echo $"Usage: $0 > > >> > {start|stop|restart|condrestart|try-restart|reload|force- > > >> > reload|status}" > > >> > exit 2 > > >> > esac > > >> > > > >> > exit $? > > >> > > > >> > 2012/2/2 Rainer Gerhards <[email protected]> > > >> > > > >> > > > > >> > > > > >> > > > -----Original Message----- > > >> > > > From: [email protected] [mailto:rsyslog- > > >> > > > [email protected]] On Behalf Of Michael Maymann > > >> > > > Sent: Wednesday, February 01, 2012 9:08 AM > > >> > > > To: rsyslog-users > > >> > > > Subject: Re: [rsyslog] rsyslog as non-root user > > >> > > > > > >> > > > Hi, > > >> > > > > > >> > > > David: thanks - got it working with permission dropping, by far > > >> > > > my prefered configuration... just didn't know of it...:-) ! > > >> > > > Rainer: please let us know if the debug info of the "permission > > >> > > > dropping: > > >> > > > hang+timeout" I send you can solve anything... anyway it works > > >> > > > hang+now > > >> > - > > >> > > > but > > >> > > > not optimal if other people have to service my setup...:-) ! > > >> > > > > >> > > I have reviewed the debug log and I see nothing unexpected. From > > >> > > the timestamps I also see that there is no hang whatsoever. So it > > >> > > looks > > >> > like > > >> > > there is some problem with the startup script, which I don't > > >> > > know. I suggest to ask what the FAILED status is caused by. We > > >> > > can then look why this happens. > > >> > > > > >> > > Sorry I have no better answer... > > >> > > Rainer > > >> > > > > >> > > > > > >> > > > Thanks in advance :-) ! > > >> > > > ~maymann > > >> > > > > > >> > > > 2012/2/1 <[email protected]> > > >> > > > > > >> > > > > On Tue, 31 Jan 2012, Michael Maymann wrote: > > >> > > > > > > >> > > > > Hi, > > >> > > > >> > > >> > > > >> I have now setup a 6.3.6-devel rsyslog server that is > > >> > > > >> working > > >> > fine > > >> > > > running > > >> > > > >> as root. > > >> > > > >> I would like to run it as non-root user as my logfiles are > > >> > located > > >> > > > on NFS > > >> > > > >> (and root export of NFS is generally not a good idea !). > > >> > > > >> > > >> > > > >> Here is my rsyslog.conf: > > >> > > > >> #LOAD MODULES > > >> > > > >> $ModLoad imudp > > >> > > > >> $UDPServerRun 514 > > >> > > > >> $UDPServerAddress 127.0.0.1 > > >> > > > >> $ModLoad imtcp > > >> > > > >> $InputTCPServerRun 514 > > >> > > > >> #SET DESTINATION FOR LOGS > > >> > > > >> $template > > >> > > > >> > > DYNmessages,"<PATH_TO>/%**FROMHOST%/%FROMHOST%_%$YEAR%.% > > ** > > >> > > > >> $MONTH%_messages" > > >> > > > >> $template > > >> > > > >> > > >> > > > > > >> > > > DYNsecure,"<PATH_TO>/%**FROMHOST%/%FROMHOST%_%$YEAR%.%** > > $MONTH%_secure" > > >> > > > >> $template > > >> > > > >> > > >> > > > > > >> > > > DYNmaillog,"<PATH_TO>/%**FROMHOST%/%FROMHOST%_%$YEAR%.%** > > $MONTH%_ma > > >> > illo > > >> > > > g" > > >> > > > >> $template > > >> > > > > > DYNcron,"<PATH_TO>/%FROMHOST%/**%FROMHOST%_%$YEAR%.%$MO > > NTH%_** > > >> > > > >> cron" > > >> > > > >> $template > > >> > > > >> > > >> > > > > > >> > > > DYNspooler,"<PATH_TO>/%**FROMHOST%/%FROMHOST%_%$YEAR%.%** > > $MONTH%_sp > > >> > oole > > >> > > > r" > > >> > > > >> $template > > >> > > > >> > > >> > > > > > >> > > > DYNboot,"<PATH_TO>/%FROMHOST%/**%FROMHOST%_%$YEAR%.%$MO > > NTH%_**boot.log" > > >> > > > >> $template > > >> > > > > > DYNtraps,"<PATH_TO>/%FROMHOST%**/%FROMHOST%_%$YEAR%.%$MO > > NTH%_** > > >> > > > >> traps" > > >> > > > >> #SET LOGGING CONDITIONS > > >> > > > >> if $syslogseverity <= '6' then ?DYNmessages if > > >> > > > >> $syslogfacility-text == 'authpriv' then ?DYNsecure if > > >> > > > >> $syslogfacility-text == 'mail' then ?DYNmaillog if > > >> > > > >> $syslogfacility-text == 'cron' then ?DYNcron if > > >> > > > >> $syslogseverity-text == 'crit' then ?DYNspooler if > > >> > > > >> $syslogfacility-text == 'local7' then ?DYNboot if > > >> > > > >> $syslogfacility-text == 'local6' and $syslogseverity-text == > > >> > > > 'WARNING' > > >> > > > >> then ?DYNtraps > > >> > > > >> > > >> > > > >> Here is my logfile when I try to start rsyslog as a non-root > > >> > user: > > >> > > > >> 2012-01-31T15:45:52.997693+02:**00 <hostname> rsyslogd: > > >> > > > >> [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" > x- > > info=" > > >> > > > >> http://www.rsyslog.com";] start > > >> > > > >> 2012-01-31T15:45:52.997294+02:**00 <hostname> rsyslogd: bind: > > >> > > > Permission > > >> > > > >> denied > > >> > > > >> 2012-01-31T15:45:52.997369+02:**00 <hostname> rsyslogd: bind: > > >> > > > Permission > > >> > > > >> denied > > >> > > > >> 2012-01-31T15:45:52.997374+02:**00 <hostname> rsyslogd: No > > >> > > > >> UDP > > >> > > > listen > > >> > > > >> socket > > >> > > > >> could successfully be initialized, message reception via UDP > > >> > > > disabled. > > >> > > > >> 2012-01-31T15:45:52.997376+02:**00 <hostname> rsyslogd: > > imudp: > > >> > no > > >> > > > >> listeners > > >> > > > >> could be started, input not activated. > > >> > > > >> 2012-01-31T15:45:52.997379+02:**00 <hostname> rsyslogd3: > > >> > activation > > >> > > > of > > >> > > > >> module > > >> > > > >> imudp failed [try http://www.rsyslog.com/e/-3 ] > > >> > > > >> 2012-01-31T15:45:52.997643+02:**00 <hostname> rsyslogd-2077: > > >> > Could > > >> > > > not > > >> > > > >> create > > >> > > > >> tcp listener, ignoring port 514. [try > > >> > http://www.rsyslog.com/e/2077 > > >> > > > ] > > >> > > > >> > > >> > > > >> So permissions to bind and sockets seems to be the problem... > > >> > > > >> > > >> > > > > > > >> > > > > yes, you cannot bind to ports <1024 as a normal user (without > > >> > making > > >> > > > some > > >> > > > > other non-standard changes through sysctl) > > >> > > > > > > >> > > > > > > >> > > > > 1. Is it possible to make rsyslog write logfiles as a > > >> > > > > non-root > > >> > user > > >> > > > - if > > >> > > > >> yes: how ? > > >> > > > >> > > >> > > > > > > >> > > > > permission drop features > > >> > > > > > > >> > > > > > > >> > > > > 2a. Is it possible to add permissions for non-root user to > > >> > > > > run > > >> > > > rsyslog > > >> > > > >> server - if yes: how ? > > >> > > > >> > > >> > > > > > > >> > > > > pick a listening port > 1024 and it should work. > > >> > > > > > > >> > > > > > > >> > > > > 2b. How do I start rsyslog during boot as non-root user - > > >> > > > > can > > >> > > > chkconfig do > > >> > > > >> this ? do I need to edit /etc/init.d/rsyslog - if yes: how ? > > >> > > > >> > > >> > > > > > > >> > > > > su can run a command as a different user. > > >> > > > > > > >> > > > > although as Rainer points out, you may just be looking for > > >> > > > > the > > >> > > > permission > > >> > > > > dropping features that are already in rsyslog. > > >> > > > > > > >> > > > > David Lang > > >> > > > > > > >> > > > > ______________________________**_________________ > > >> > > > > rsyslog mailing list > > >> > > > > > > >> > > > > > >> > http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.ad > > >> > isco > > >> > > > n.net/mailman/listinfo/rsyslog> > > >> > > > > http://www.rsyslog.com/**professional- > > >> > > > services/<http://www.rsyslog.com/professional-services/> > > >> > > > > > > >> > > > _______________________________________________ > > >> > > > rsyslog mailing list > > >> > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > >> > > > http://www.rsyslog.com/professional-services/ > > >> > > _______________________________________________ > > >> > > rsyslog mailing list > > >> > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > >> > > http://www.rsyslog.com/professional-services/ > > >> > > > > >> > _______________________________________________ > > >> > rsyslog mailing list > > >> > http://lists.adiscon.net/mailman/listinfo/rsyslog > > >> > http://www.rsyslog.com/professional-services/ > > >> _______________________________________________ > > >> rsyslog mailing list > > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > > >> http://www.rsyslog.com/professional-services/ > > >> > > > > > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/
