bugreport created... http://bugzilla.adiscon.com/show_bug.cgi?id=306
Br. ~maymann 2012/2/2 Michael Maymann <[email protected]> > Anyone...? > > > 2012/2/2 Rainer Gerhards <[email protected]> > >> >> >> > -----Original Message----- >> > From: [email protected] [mailto:rsyslog- >> > [email protected]] On Behalf Of Michael Maymann >> > Sent: Thursday, February 02, 2012 2:29 PM >> > To: rsyslog-users >> > Subject: Re: [rsyslog] rsyslog as non-root user >> > >> > Hi Rainer, >> > >> > I really have my doubts it has something to do with my startup script: >> > 1. I only changed the exec=/usr/sbin/rsyslogd from default 2. It works >> > perfectly when PrivDropTo is not used in rsyslog.conf. >> > >> > I'm running on RHEL6.1_x64. >> > Do you have a working /etc/init.d/rsyslog what you can share/I can >> test...? >> >> No >> >> rg >> > >> > >> > Thanks in advance :-) ! >> > ~maymann >> > >> > 2012/2/2 Michael Maymann <[email protected]> >> > >> > > Hi, >> > > >> > > Rainer: Sorry... forgot to mention that it doesn't say anything about >> > > failing in the logs... and it actually doesn't fail... it works and >> > > after the timeout+failed notice only the proccess owned by >> > > PrivDropToUser-USER is present, but now owned by the init-proccess >> > (mother proccess dies): >> > > >> > > # service rsyslog start >> > > Starting system logger: [FAILED] >> > > >> > > BEFORE failed status: >> > > root 9126 9125 0 11:07 pts/1 00:00:00 /usr/sbin/rsyslogd -c >> 6 >> > > <PrivDropToUser-USER> 9131 9126 0 11:07 ? 00:00:00 >> > > /usr/sbin/rsyslogd -c 6 >> > > >> > > AFTER failed status root-owned proccess is killed and >> > > PrivDropToUser-USER owned proccess is therefore gets owned by init: >> > > <PrivDropToUser-USER> 9131 1 0 11:07 ? 00:00:00 >> > > /usr/sbin/rsyslogd -c 6 >> > > >> > > Anyone who can help with this...?: >> > > here is the debug output when starting running the init-script: >> > > #/etc/init.d/rsyslog start >> > > + . /etc/init.d/functions >> > > ++ TEXTDOMAIN=initscripts >> > > ++ umask 022 >> > > ++ PATH=/sbin:/usr/sbin:/bin:/usr/bin >> > > ++ export PATH >> > > ++ '[' -z '' ']' >> > > ++ COLUMNS=80 >> > > ++ '[' -z '' ']' >> > > +++ /sbin/consoletype >> > > ++ CONSOLETYPE=pty >> > > ++ '[' -f /etc/sysconfig/i18n -a -z '' -a -z '' ']' >> > > ++ . /etc/profile.d/lang.sh >> > > ++ unset LANGSH_SOURCED >> > > ++ '[' -z '' ']' >> > > ++ '[' -f /etc/sysconfig/init ']' >> > > ++ . /etc/sysconfig/init >> > > +++ BOOTUP=color >> > > +++ RES_COL=60 >> > > +++ MOVE_TO_COL='echo -en \033[60G' >> > > +++ SETCOLOR_SUCCESS='echo -en \033[0;32m' >> > > +++ SETCOLOR_FAILURE='echo -en \033[0;31m' >> > > +++ SETCOLOR_WARNING='echo -en \033[0;33m' >> > > +++ SETCOLOR_NORMAL='echo -en \033[0;39m' >> > > +++ PROMPT=yes >> > > +++ AUTOSWAP=no >> > > +++ ACTIVE_CONSOLES='/dev/tty[1-6]' >> > > +++ SINGLE=/sbin/sushell >> > > ++ '[' pty = serial ']' >> > > ++ >> > > >> > __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\ >> > .rpmsave\)$/d' >> > > + RETVAL=0 >> > > + PIDFILE=/var/run/syslogd.pid >> > > + prog=rsyslogd >> > > + exec=/usr/sbin/rsyslogd >> > > + lockfile=/var/lock/subsys/rsyslogd >> > > + case "$1" in >> > > + start >> > > + '[' -x /usr/sbin/rsyslogd ']' >> > > + '[' -f /etc/sysconfig/rsyslog ']' >> > > + . /etc/sysconfig/rsyslog >> > > ++ SYSLOGD_OPTIONS='-c 6' >> > > + umask 077 >> > > + echo -n 'Starting system logger: ' >> > > Starting system logger: + daemon --pidfile=/var/run/syslogd.pid >> > > /usr/sbin/rsyslogd -c 6 >> > > + local gotbase= force= nicelevel corelimit local pid base= user= >> > > + nice= bg= pid_file= local cgroup= >> > > + nicelevel=0 >> > > + '[' --pidfile=/var/run/syslogd.pid '!=' >> -pidfile=/var/run/syslogd.pid >> ']' >> > > + case $1 in >> > > + pid_file=/var/run/syslogd.pid >> > > + shift >> > > + '[' /usr/sbin/rsyslogd '!=' /usr/sbin/rsyslogd ']' >> > > + '[' -z '' ']' >> > > + base=rsyslogd >> > > + __pids_var_run rsyslogd /var/run/syslogd.pid local base=rsyslogd >> > > + local pid_file=/var/run/syslogd.pid pid= '[' -f /var/run/syslogd.pid >> > > + ']' >> > > + return 3 >> > > + '[' -n '' -a -z '' ']' >> > > + corelimit='ulimit -S -c 0' >> > > + '[' -n '' ']' >> > > + '[' -n '' ']' >> > > + '[' color = verbose -a -z '' ']' >> > > + '[' -z '' ']' >> > > + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/rsyslogd >> -c 6' >> > > ... >> > > (hangs here for a long time) >> > > ... >> > > + '[' 1 -eq 0 ']' >> > > + failure 'rsyslogd startup' >> > > + local rc=1 >> > > + '[' color '!=' verbose -a -z '' ']' >> > > + echo_failure >> > > + '[' color = color ']' >> > > + echo -en '\033[60G' >> > > + echo -n >> '[' >> > > [+ '[' color = color ']' >> > > + echo -en '\033[0;31m' >> > > + echo -n FAILED >> > > FAILED+ '[' color = color ']' >> > > + echo -en '\033[0;39m' >> > > + echo -n ']' >> > > ]+ echo -ne '\r' >> > > + return 1 >> > > + '[' -x /usr/bin/plymouth ']' >> > > + /usr/bin/plymouth --details >> > > + return 1 >> > > + RETVAL=1 >> > > + echo >> > > >> > > + '[' 1 -eq 0 ']' >> > > + return 1 >> > > + exit 1 >> > > >> > > I have tried to give 777-access to /var/run and /var/lock/subsys - but >> > > same thing happens... >> > > >> > > >> > > >> > > Thanks in advance :-) ! >> > > >> > > Br. >> > > ~maymann >> > > >> > > >> > > >> > > 2012/2/2 Rainer Gerhards <[email protected]> >> > > >> > >> I can only help you with that part if you point me to why exactly the >> > >> script claims what it does. So you may want to try find someone who >> > >> can do that. >> > >> I >> > >> know this is probably a trivial question, but I don't know anything >> > >> ;) >> > >> >> > >> Sry, rainer >> > >> >> > >> > -----Original Message----- >> > >> > From: [email protected] [mailto:rsyslog- >> > >> > [email protected]] On Behalf Of Michael Maymann >> > >> > Sent: Thursday, February 02, 2012 10:03 AM >> > >> > To: rsyslog-users >> > >> > Subject: Re: [rsyslog] rsyslog as non-root user >> > >> > >> > >> > Here is my startup script... only thing changed is the path to the >> > >> > new 6.3.6-rsyslog-devel binary. >> > >> > The startup-scripts works also perfectly when i comment out the >> > >> > PrivDropToUser+PrivDropToGroup in /etc/rsyslog.conf - but failes if >> > >> > PrivDropToUser+i >> > >> > have >> > >> > both or one of the entries...: >> > >> > #!/bin/bash >> > >> > # >> > >> > # rsyslog Starts rsyslogd/rklogd. >> > >> > # >> > >> > # >> > >> > # chkconfig: 2345 12 88 >> > >> > # description: Syslog is the facility by which many daemons use to >> > >> > log \ # messages to various system log files. It is a good idea to >> > >> > always \ # run rsyslog. >> > >> > ### BEGIN INIT INFO >> > >> > # Provides: $syslog >> > >> > # Required-Start: $local_fs >> > >> > # Required-Stop: $local_fs >> > >> > # Default-Start: 2 3 4 5 >> > >> > # Default-Stop: 0 1 6 >> > >> > # Short-Description: Enhanced system logging and kernel message >> > >> > trapping daemons # Description: Rsyslog is an enhanced >> > >> > multi-threaded syslogd supporting, >> > >> > # among others, MySQL, syslog/tcp, RFC 3195, permitted >> > >> > # sender lists, filtering on any message part, and >> fine >> > >> > # grain output format control. >> > >> > ### END INIT INFO >> > >> > >> > >> > # Source function library. >> > >> > . /etc/init.d/functions >> > >> > >> > >> > RETVAL=0 >> > >> > PIDFILE=/var/run/syslogd.pid >> > >> > >> > >> > prog=rsyslogd >> > >> > #exec=/sbin/rsyslogd >> > >> > exec=/usr/sbin/rsyslogd >> > >> > lockfile=/var/lock/subsys/$prog >> > >> > >> > >> > start() { >> > >> > [ -x $exec ] || exit 5 >> > >> > >> > >> > # Source config >> > >> > if [ -f /etc/sysconfig/rsyslog ] ; then >> > >> > . /etc/sysconfig/rsyslog >> > >> > fi >> > >> > umask 077 >> > >> > >> > >> > echo -n $"Starting system logger: " >> > >> > daemon --pidfile="${PIDFILE}" $exec $SYSLOGD_OPTIONS >> > >> > RETVAL=$? >> > >> > echo >> > >> > [ $RETVAL -eq 0 ] && touch $lockfile >> > >> > return $RETVAL >> > >> > } >> > >> > stop() { >> > >> > echo -n $"Shutting down system logger: " >> > >> > killproc $prog >> > >> > RETVAL=$? >> > >> > echo >> > >> > [ $RETVAL -eq 0 ] && rm -f $lockfile >> > >> > return $RETVAL >> > >> > } >> > >> > reload() { >> > >> > RETVAL=1 >> > >> > syslog=$(cat "${PIDFILE}" 2>/dev/null) >> > >> > echo -n "Reloading system logger..." >> > >> > if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then >> > >> > kill -HUP "$syslog"; >> > >> > RETVAL=$? >> > >> > fi >> > >> > if [ $RETVAL -ne 0 ]; then >> > >> > failure >> > >> > else >> > >> > success >> > >> > fi >> > >> > echo >> > >> > return $RETVAL >> > >> > } >> > >> > rhstatus() { >> > >> > status -p "${PIDFILE}" $prog } >> > >> > restart() { >> > >> > stop >> > >> > start >> > >> > } >> > >> > >> > >> > case "$1" in >> > >> > start) >> > >> > start >> > >> > ;; >> > >> > stop) >> > >> > stop >> > >> > ;; >> > >> > restart) >> > >> > restart >> > >> > ;; >> > >> > reload|force-reload) >> > >> > reload >> > >> > ;; >> > >> > status) >> > >> > rhstatus >> > >> > ;; >> > >> > condrestart|try-restart) >> > >> > rhstatus >/dev/null 2>&1 || exit 0 >> > >> > restart >> > >> > ;; >> > >> > *) >> > >> > echo $"Usage: $0 >> > >> > {start|stop|restart|condrestart|try-restart|reload|force- >> > >> > reload|status}" >> > >> > exit 2 >> > >> > esac >> > >> > >> > >> > exit $? >> > >> > >> > >> > 2012/2/2 Rainer Gerhards <[email protected]> >> > >> > >> > >> > > >> > >> > > >> > >> > > > -----Original Message----- >> > >> > > > From: [email protected] [mailto:rsyslog- >> > >> > > > [email protected]] On Behalf Of Michael Maymann >> > >> > > > Sent: Wednesday, February 01, 2012 9:08 AM >> > >> > > > To: rsyslog-users >> > >> > > > Subject: Re: [rsyslog] rsyslog as non-root user >> > >> > > > >> > >> > > > Hi, >> > >> > > > >> > >> > > > David: thanks - got it working with permission dropping, by far >> > >> > > > my prefered configuration... just didn't know of it...:-) ! >> > >> > > > Rainer: please let us know if the debug info of the "permission >> > >> > > > dropping: >> > >> > > > hang+timeout" I send you can solve anything... anyway it works >> > >> > > > hang+now >> > >> > - >> > >> > > > but >> > >> > > > not optimal if other people have to service my setup...:-) ! >> > >> > > >> > >> > > I have reviewed the debug log and I see nothing unexpected. From >> > >> > > the timestamps I also see that there is no hang whatsoever. So it >> > >> > > looks >> > >> > like >> > >> > > there is some problem with the startup script, which I don't >> > >> > > know. I suggest to ask what the FAILED status is caused by. We >> > >> > > can then look why this happens. >> > >> > > >> > >> > > Sorry I have no better answer... >> > >> > > Rainer >> > >> > > >> > >> > > > >> > >> > > > Thanks in advance :-) ! >> > >> > > > ~maymann >> > >> > > > >> > >> > > > 2012/2/1 <[email protected]> >> > >> > > > >> > >> > > > > On Tue, 31 Jan 2012, Michael Maymann wrote: >> > >> > > > > >> > >> > > > > Hi, >> > >> > > > >> >> > >> > > > >> I have now setup a 6.3.6-devel rsyslog server that is >> > >> > > > >> working >> > >> > fine >> > >> > > > running >> > >> > > > >> as root. >> > >> > > > >> I would like to run it as non-root user as my logfiles are >> > >> > located >> > >> > > > on NFS >> > >> > > > >> (and root export of NFS is generally not a good idea !). >> > >> > > > >> >> > >> > > > >> Here is my rsyslog.conf: >> > >> > > > >> #LOAD MODULES >> > >> > > > >> $ModLoad imudp >> > >> > > > >> $UDPServerRun 514 >> > >> > > > >> $UDPServerAddress 127.0.0.1 >> > >> > > > >> $ModLoad imtcp >> > >> > > > >> $InputTCPServerRun 514 >> > >> > > > >> #SET DESTINATION FOR LOGS >> > >> > > > >> $template >> > >> > > > >> >> > DYNmessages,"<PATH_TO>/%**FROMHOST%/%FROMHOST%_%$YEAR%.% >> > ** >> > >> > > > >> $MONTH%_messages" >> > >> > > > >> $template >> > >> > > > >> >> > >> > > > >> > >> > >> > DYNsecure,"<PATH_TO>/%**FROMHOST%/%FROMHOST%_%$YEAR%.%** >> > $MONTH%_secure" >> > >> > > > >> $template >> > >> > > > >> >> > >> > > > >> > >> > >> > DYNmaillog,"<PATH_TO>/%**FROMHOST%/%FROMHOST%_%$YEAR%.%** >> > $MONTH%_ma >> > >> > illo >> > >> > > > g" >> > >> > > > >> $template >> > >> > > > >> > DYNcron,"<PATH_TO>/%FROMHOST%/**%FROMHOST%_%$YEAR%.%$MO >> > NTH%_** >> > >> > > > >> cron" >> > >> > > > >> $template >> > >> > > > >> >> > >> > > > >> > >> > >> > DYNspooler,"<PATH_TO>/%**FROMHOST%/%FROMHOST%_%$YEAR%.%** >> > $MONTH%_sp >> > >> > oole >> > >> > > > r" >> > >> > > > >> $template >> > >> > > > >> >> > >> > > > >> > >> > >> > DYNboot,"<PATH_TO>/%FROMHOST%/**%FROMHOST%_%$YEAR%.%$MO >> > NTH%_**boot.log" >> > >> > > > >> $template >> > >> > > > >> > DYNtraps,"<PATH_TO>/%FROMHOST%**/%FROMHOST%_%$YEAR%.%$MO >> > NTH%_** >> > >> > > > >> traps" >> > >> > > > >> #SET LOGGING CONDITIONS >> > >> > > > >> if $syslogseverity <= '6' then ?DYNmessages if >> > >> > > > >> $syslogfacility-text == 'authpriv' then ?DYNsecure if >> > >> > > > >> $syslogfacility-text == 'mail' then ?DYNmaillog if >> > >> > > > >> $syslogfacility-text == 'cron' then ?DYNcron if >> > >> > > > >> $syslogseverity-text == 'crit' then ?DYNspooler if >> > >> > > > >> $syslogfacility-text == 'local7' then ?DYNboot if >> > >> > > > >> $syslogfacility-text == 'local6' and $syslogseverity-text == >> > >> > > > 'WARNING' >> > >> > > > >> then ?DYNtraps >> > >> > > > >> >> > >> > > > >> Here is my logfile when I try to start rsyslog as a non-root >> > >> > user: >> > >> > > > >> 2012-01-31T15:45:52.997693+02:**00 <hostname> rsyslogd: >> > >> > > > >> [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" >> x- >> > info=" >> > >> > > > >> http://www.rsyslog.com";] start >> > >> > > > >> 2012-01-31T15:45:52.997294+02:**00 <hostname> rsyslogd: >> bind: >> > >> > > > Permission >> > >> > > > >> denied >> > >> > > > >> 2012-01-31T15:45:52.997369+02:**00 <hostname> rsyslogd: >> bind: >> > >> > > > Permission >> > >> > > > >> denied >> > >> > > > >> 2012-01-31T15:45:52.997374+02:**00 <hostname> rsyslogd: No >> > >> > > > >> UDP >> > >> > > > listen >> > >> > > > >> socket >> > >> > > > >> could successfully be initialized, message reception via UDP >> > >> > > > disabled. >> > >> > > > >> 2012-01-31T15:45:52.997376+02:**00 <hostname> rsyslogd: >> > imudp: >> > >> > no >> > >> > > > >> listeners >> > >> > > > >> could be started, input not activated. >> > >> > > > >> 2012-01-31T15:45:52.997379+02:**00 <hostname> rsyslogd3: >> > >> > activation >> > >> > > > of >> > >> > > > >> module >> > >> > > > >> imudp failed [try http://www.rsyslog.com/e/-3 ] >> > >> > > > >> 2012-01-31T15:45:52.997643+02:**00 <hostname> rsyslogd-2077: >> > >> > Could >> > >> > > > not >> > >> > > > >> create >> > >> > > > >> tcp listener, ignoring port 514. [try >> > >> > http://www.rsyslog.com/e/2077 >> > >> > > > ] >> > >> > > > >> >> > >> > > > >> So permissions to bind and sockets seems to be the >> problem... >> > >> > > > >> >> > >> > > > > >> > >> > > > > yes, you cannot bind to ports <1024 as a normal user (without >> > >> > making >> > >> > > > some >> > >> > > > > other non-standard changes through sysctl) >> > >> > > > > >> > >> > > > > >> > >> > > > > 1. Is it possible to make rsyslog write logfiles as a >> > >> > > > > non-root >> > >> > user >> > >> > > > - if >> > >> > > > >> yes: how ? >> > >> > > > >> >> > >> > > > > >> > >> > > > > permission drop features >> > >> > > > > >> > >> > > > > >> > >> > > > > 2a. Is it possible to add permissions for non-root user to >> > >> > > > > run >> > >> > > > rsyslog >> > >> > > > >> server - if yes: how ? >> > >> > > > >> >> > >> > > > > >> > >> > > > > pick a listening port > 1024 and it should work. >> > >> > > > > >> > >> > > > > >> > >> > > > > 2b. How do I start rsyslog during boot as non-root user - >> > >> > > > > can >> > >> > > > chkconfig do >> > >> > > > >> this ? do I need to edit /etc/init.d/rsyslog - if yes: how ? >> > >> > > > >> >> > >> > > > > >> > >> > > > > su can run a command as a different user. >> > >> > > > > >> > >> > > > > although as Rainer points out, you may just be looking for >> > >> > > > > the >> > >> > > > permission >> > >> > > > > dropping features that are already in rsyslog. >> > >> > > > > >> > >> > > > > David Lang >> > >> > > > > >> > >> > > > > ______________________________**_________________ >> > >> > > > > rsyslog mailing list >> > >> > > > > >> > >> > > > >> > >> > http://lists.adiscon.net/**mailman/listinfo/rsyslog< >> http://lists.ad >> > >> > isco >> > >> > > > n.net/mailman/listinfo/rsyslog> >> > >> > > > > http://www.rsyslog.com/**professional- >> > >> > > > services/<http://www.rsyslog.com/professional-services/> >> > >> > > > > >> > >> > > > _______________________________________________ >> > >> > > > rsyslog mailing list >> > >> > > > http://lists.adiscon.net/mailman/listinfo/rsyslog >> > >> > > > http://www.rsyslog.com/professional-services/ >> > >> > > _______________________________________________ >> > >> > > rsyslog mailing list >> > >> > > http://lists.adiscon.net/mailman/listinfo/rsyslog >> > >> > > http://www.rsyslog.com/professional-services/ >> > >> > > >> > >> > _______________________________________________ >> > >> > rsyslog mailing list >> > >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> > >> > http://www.rsyslog.com/professional-services/ >> > >> _______________________________________________ >> > >> rsyslog mailing list >> > >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> > >> http://www.rsyslog.com/professional-services/ >> > >> >> > > >> > > >> > _______________________________________________ >> > rsyslog mailing list >> > http://lists.adiscon.net/mailman/listinfo/rsyslog >> > http://www.rsyslog.com/professional-services/ >> _______________________________________________ >> rsyslog mailing list >> http://lists.adiscon.net/mailman/listinfo/rsyslog >> http://www.rsyslog.com/professional-services/ >> > > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/
