Closed as invalid, you need to talkt o your distro... (see tracker)
> -----Original Message----- > From: [email protected] [mailto:rsyslog- > [email protected]] On Behalf Of Michael Maymann > Sent: Thursday, February 02, 2012 3:11 PM > To: rsyslog-users > Subject: Re: [rsyslog] rsyslog as non-root user > > bugreport created... > http://bugzilla.adiscon.com/show_bug.cgi?id=306 > > Br. > ~maymann > > 2012/2/2 Michael Maymann <[email protected]> > > > Anyone...? > > > > > > 2012/2/2 Rainer Gerhards <[email protected]> > > > >> > >> > >> > -----Original Message----- > >> > From: [email protected] [mailto:rsyslog- > >> > [email protected]] On Behalf Of Michael Maymann > >> > Sent: Thursday, February 02, 2012 2:29 PM > >> > To: rsyslog-users > >> > Subject: Re: [rsyslog] rsyslog as non-root user > >> > > >> > Hi Rainer, > >> > > >> > I really have my doubts it has something to do with my startup script: > >> > 1. I only changed the exec=/usr/sbin/rsyslogd from default 2. It > >> > works perfectly when PrivDropTo is not used in rsyslog.conf. > >> > > >> > I'm running on RHEL6.1_x64. > >> > Do you have a working /etc/init.d/rsyslog what you can share/I can > >> test...? > >> > >> No > >> > >> rg > >> > > >> > > >> > Thanks in advance :-) ! > >> > ~maymann > >> > > >> > 2012/2/2 Michael Maymann <[email protected]> > >> > > >> > > Hi, > >> > > > >> > > Rainer: Sorry... forgot to mention that it doesn't say anything > >> > > about failing in the logs... and it actually doesn't fail... it > >> > > works and after the timeout+failed notice only the proccess owned > >> > > by PrivDropToUser-USER is present, but now owned by the > >> > > init-proccess > >> > (mother proccess dies): > >> > > > >> > > # service rsyslog start > >> > > Starting system logger: [FAILED] > >> > > > >> > > BEFORE failed status: > >> > > root 9126 9125 0 11:07 pts/1 00:00:00 /usr/sbin/rsyslogd -c > >> 6 > >> > > <PrivDropToUser-USER> 9131 9126 0 11:07 ? 00:00:00 > >> > > /usr/sbin/rsyslogd -c 6 > >> > > > >> > > AFTER failed status root-owned proccess is killed and > >> > > PrivDropToUser-USER owned proccess is therefore gets owned by > init: > >> > > <PrivDropToUser-USER> 9131 1 0 11:07 ? 00:00:00 > >> > > /usr/sbin/rsyslogd -c 6 > >> > > > >> > > Anyone who can help with this...?: > >> > > here is the debug output when starting running the init-script: > >> > > #/etc/init.d/rsyslog start > >> > > + . /etc/init.d/functions > >> > > ++ TEXTDOMAIN=initscripts > >> > > ++ umask 022 > >> > > ++ PATH=/sbin:/usr/sbin:/bin:/usr/bin > >> > > ++ export PATH > >> > > ++ '[' -z '' ']' > >> > > ++ COLUMNS=80 > >> > > ++ '[' -z '' ']' > >> > > +++ /sbin/consoletype > >> > > ++ CONSOLETYPE=pty > >> > > ++ '[' -f /etc/sysconfig/i18n -a -z '' -a -z '' ']' > >> > > ++ . /etc/profile.d/lang.sh > >> > > ++ unset LANGSH_SOURCED > >> > > ++ '[' -z '' ']' > >> > > ++ '[' -f /etc/sysconfig/init ']' > >> > > ++ . /etc/sysconfig/init > >> > > +++ BOOTUP=color > >> > > +++ RES_COL=60 > >> > > +++ MOVE_TO_COL='echo -en \033[60G' > >> > > +++ SETCOLOR_SUCCESS='echo -en \033[0;32m' > >> > > +++ SETCOLOR_FAILURE='echo -en \033[0;31m' > >> > > +++ SETCOLOR_WARNING='echo -en \033[0;33m' > >> > > +++ SETCOLOR_NORMAL='echo -en \033[0;39m' > >> > > +++ PROMPT=yes > >> > > +++ AUTOSWAP=no > >> > > +++ ACTIVE_CONSOLES='/dev/tty[1-6]' > >> > > +++ SINGLE=/sbin/sushell > >> > > ++ '[' pty = serial ']' > >> > > ++ > >> > > > >> > __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmor > >> > ig\|\ > >> > .rpmsave\)$/d' > >> > > + RETVAL=0 > >> > > + PIDFILE=/var/run/syslogd.pid > >> > > + prog=rsyslogd > >> > > + exec=/usr/sbin/rsyslogd > >> > > + lockfile=/var/lock/subsys/rsyslogd > >> > > + case "$1" in > >> > > + start > >> > > + '[' -x /usr/sbin/rsyslogd ']' > >> > > + '[' -f /etc/sysconfig/rsyslog ']' > >> > > + . /etc/sysconfig/rsyslog > >> > > ++ SYSLOGD_OPTIONS='-c 6' > >> > > + umask 077 > >> > > + echo -n 'Starting system logger: ' > >> > > Starting system logger: + daemon --pidfile=/var/run/syslogd.pid > >> > > /usr/sbin/rsyslogd -c 6 > >> > > + local gotbase= force= nicelevel corelimit local pid base= user= > >> > > + nice= bg= pid_file= local cgroup= > >> > > + nicelevel=0 > >> > > + '[' --pidfile=/var/run/syslogd.pid '!=' > >> -pidfile=/var/run/syslogd.pid > >> ']' > >> > > + case $1 in > >> > > + pid_file=/var/run/syslogd.pid > >> > > + shift > >> > > + '[' /usr/sbin/rsyslogd '!=' /usr/sbin/rsyslogd ']' > >> > > + '[' -z '' ']' > >> > > + base=rsyslogd > >> > > + __pids_var_run rsyslogd /var/run/syslogd.pid local > >> > > + base=rsyslogd local pid_file=/var/run/syslogd.pid pid= '[' -f > >> > > + /var/run/syslogd.pid ']' > >> > > + return 3 > >> > > + '[' -n '' -a -z '' ']' > >> > > + corelimit='ulimit -S -c 0' > >> > > + '[' -n '' ']' > >> > > + '[' -n '' ']' > >> > > + '[' color = verbose -a -z '' ']' > >> > > + '[' -z '' ']' > >> > > + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; > >> > > + /usr/sbin/rsyslogd > >> -c 6' > >> > > ... > >> > > (hangs here for a long time) > >> > > ... > >> > > + '[' 1 -eq 0 ']' > >> > > + failure 'rsyslogd startup' > >> > > + local rc=1 > >> > > + '[' color '!=' verbose -a -z '' ']' > >> > > + echo_failure > >> > > + '[' color = color ']' > >> > > + echo -en '\033[60G' > >> > > + echo > >> > > -n > >> '[' > >> > > [+ '[' color = color ']' > >> > > + echo -en '\033[0;31m' > >> > > + echo -n FAILED > >> > > FAILED+ '[' color = color ']' > >> > > + echo -en '\033[0;39m' > >> > > + echo -n ']' > >> > > ]+ echo -ne '\r' > >> > > + return 1 > >> > > + '[' -x /usr/bin/plymouth ']' > >> > > + /usr/bin/plymouth --details > >> > > + return 1 > >> > > + RETVAL=1 > >> > > + echo > >> > > > >> > > + '[' 1 -eq 0 ']' > >> > > + return 1 > >> > > + exit 1 > >> > > > >> > > I have tried to give 777-access to /var/run and /var/lock/subsys > >> > > - but same thing happens... > >> > > > >> > > > >> > > > >> > > Thanks in advance :-) ! > >> > > > >> > > Br. > >> > > ~maymann > >> > > > >> > > > >> > > > >> > > 2012/2/2 Rainer Gerhards <[email protected]> > >> > > > >> > >> I can only help you with that part if you point me to why > >> > >> exactly the script claims what it does. So you may want to try > >> > >> find someone who can do that. > >> > >> I > >> > >> know this is probably a trivial question, but I don't know > >> > >> anything > >> > >> ;) > >> > >> > >> > >> Sry, rainer > >> > >> > >> > >> > -----Original Message----- > >> > >> > From: [email protected] [mailto:rsyslog- > >> > >> > [email protected]] On Behalf Of Michael Maymann > >> > >> > Sent: Thursday, February 02, 2012 10:03 AM > >> > >> > To: rsyslog-users > >> > >> > Subject: Re: [rsyslog] rsyslog as non-root user > >> > >> > > >> > >> > Here is my startup script... only thing changed is the path to > >> > >> > the new 6.3.6-rsyslog-devel binary. > >> > >> > The startup-scripts works also perfectly when i comment out > >> > >> > the > >> > >> > PrivDropToUser+PrivDropToGroup in /etc/rsyslog.conf - but > >> > >> > PrivDropToUser+failes if i > >> > >> > have > >> > >> > both or one of the entries...: > >> > >> > #!/bin/bash > >> > >> > # > >> > >> > # rsyslog Starts rsyslogd/rklogd. > >> > >> > # > >> > >> > # > >> > >> > # chkconfig: 2345 12 88 > >> > >> > # description: Syslog is the facility by which many daemons > >> > >> > use to log \ # messages to various system log files. It is a > >> > >> > good idea to always \ # run rsyslog. > >> > >> > ### BEGIN INIT INFO > >> > >> > # Provides: $syslog > >> > >> > # Required-Start: $local_fs > >> > >> > # Required-Stop: $local_fs > >> > >> > # Default-Start: 2 3 4 5 > >> > >> > # Default-Stop: 0 1 6 > >> > >> > # Short-Description: Enhanced system logging and kernel > >> > >> > message trapping daemons # Description: Rsyslog is an enhanced > >> > >> > multi-threaded syslogd supporting, > >> > >> > # among others, MySQL, syslog/tcp, RFC 3195, permitted > >> > >> > # sender lists, filtering on any message part, and > >> fine > >> > >> > # grain output format control. > >> > >> > ### END INIT INFO > >> > >> > > >> > >> > # Source function library. > >> > >> > . /etc/init.d/functions > >> > >> > > >> > >> > RETVAL=0 > >> > >> > PIDFILE=/var/run/syslogd.pid > >> > >> > > >> > >> > prog=rsyslogd > >> > >> > #exec=/sbin/rsyslogd > >> > >> > exec=/usr/sbin/rsyslogd > >> > >> > lockfile=/var/lock/subsys/$prog > >> > >> > > >> > >> > start() { > >> > >> > [ -x $exec ] || exit 5 > >> > >> > > >> > >> > # Source config > >> > >> > if [ -f /etc/sysconfig/rsyslog ] ; then > >> > >> > . /etc/sysconfig/rsyslog > >> > >> > fi > >> > >> > umask 077 > >> > >> > > >> > >> > echo -n $"Starting system logger: " > >> > >> > daemon --pidfile="${PIDFILE}" $exec $SYSLOGD_OPTIONS > >> > >> > RETVAL=$? > >> > >> > echo > >> > >> > [ $RETVAL -eq 0 ] && touch $lockfile > >> > >> > return $RETVAL > >> > >> > } > >> > >> > stop() { > >> > >> > echo -n $"Shutting down system logger: " > >> > >> > killproc $prog > >> > >> > RETVAL=$? > >> > >> > echo > >> > >> > [ $RETVAL -eq 0 ] && rm -f $lockfile > >> > >> > return $RETVAL > >> > >> > } > >> > >> > reload() { > >> > >> > RETVAL=1 > >> > >> > syslog=$(cat "${PIDFILE}" 2>/dev/null) > >> > >> > echo -n "Reloading system logger..." > >> > >> > if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then > >> > >> > kill -HUP "$syslog"; > >> > >> > RETVAL=$? > >> > >> > fi > >> > >> > if [ $RETVAL -ne 0 ]; then > >> > >> > failure > >> > >> > else > >> > >> > success > >> > >> > fi > >> > >> > echo > >> > >> > return $RETVAL > >> > >> > } > >> > >> > rhstatus() { > >> > >> > status -p "${PIDFILE}" $prog } > >> > >> > restart() { > >> > >> > stop > >> > >> > start > >> > >> > } > >> > >> > > >> > >> > case "$1" in > >> > >> > start) > >> > >> > start > >> > >> > ;; > >> > >> > stop) > >> > >> > stop > >> > >> > ;; > >> > >> > restart) > >> > >> > restart > >> > >> > ;; > >> > >> > reload|force-reload) > >> > >> > reload > >> > >> > ;; > >> > >> > status) > >> > >> > rhstatus > >> > >> > ;; > >> > >> > condrestart|try-restart) > >> > >> > rhstatus >/dev/null 2>&1 || exit 0 > >> > >> > restart > >> > >> > ;; > >> > >> > *) > >> > >> > echo $"Usage: $0 > >> > >> > {start|stop|restart|condrestart|try-restart|reload|force- > >> > >> > reload|status}" > >> > >> > exit 2 > >> > >> > esac > >> > >> > > >> > >> > exit $? > >> > >> > > >> > >> > 2012/2/2 Rainer Gerhards <[email protected]> > >> > >> > > >> > >> > > > >> > >> > > > >> > >> > > > -----Original Message----- > >> > >> > > > From: [email protected] [mailto:rsyslog- > >> > >> > > > [email protected]] On Behalf Of Michael Maymann > >> > >> > > > Sent: Wednesday, February 01, 2012 9:08 AM > >> > >> > > > To: rsyslog-users > >> > >> > > > Subject: Re: [rsyslog] rsyslog as non-root user > >> > >> > > > > >> > >> > > > Hi, > >> > >> > > > > >> > >> > > > David: thanks - got it working with permission dropping, > >> > >> > > > by far my prefered configuration... just didn't know of it...:-) ! > >> > >> > > > Rainer: please let us know if the debug info of the > >> > >> > > > "permission > >> > >> > > > dropping: > >> > >> > > > hang+timeout" I send you can solve anything... anyway it > >> > >> > > > hang+works now > >> > >> > - > >> > >> > > > but > >> > >> > > > not optimal if other people have to service my setup...:-) ! > >> > >> > > > >> > >> > > I have reviewed the debug log and I see nothing unexpected. > >> > >> > > From the timestamps I also see that there is no hang > >> > >> > > whatsoever. So it looks > >> > >> > like > >> > >> > > there is some problem with the startup script, which I don't > >> > >> > > know. I suggest to ask what the FAILED status is caused by. > >> > >> > > We can then look why this happens. > >> > >> > > > >> > >> > > Sorry I have no better answer... > >> > >> > > Rainer > >> > >> > > > >> > >> > > > > >> > >> > > > Thanks in advance :-) ! > >> > >> > > > ~maymann > >> > >> > > > > >> > >> > > > 2012/2/1 <[email protected]> > >> > >> > > > > >> > >> > > > > On Tue, 31 Jan 2012, Michael Maymann wrote: > >> > >> > > > > > >> > >> > > > > Hi, > >> > >> > > > >> > >> > >> > > > >> I have now setup a 6.3.6-devel rsyslog server that is > >> > >> > > > >> working > >> > >> > fine > >> > >> > > > running > >> > >> > > > >> as root. > >> > >> > > > >> I would like to run it as non-root user as my logfiles > >> > >> > > > >> are > >> > >> > located > >> > >> > > > on NFS > >> > >> > > > >> (and root export of NFS is generally not a good idea !). > >> > >> > > > >> > >> > >> > > > >> Here is my rsyslog.conf: > >> > >> > > > >> #LOAD MODULES > >> > >> > > > >> $ModLoad imudp > >> > >> > > > >> $UDPServerRun 514 > >> > >> > > > >> $UDPServerAddress 127.0.0.1 $ModLoad imtcp > >> > >> > > > >> $InputTCPServerRun 514 #SET DESTINATION FOR LOGS > >> > >> > > > >> $template > >> > >> > > > >> > >> > > DYNmessages,"<PATH_TO>/%**FROMHOST%/%FROMHOST%_%$YEAR%.% > >> > ** > >> > >> > > > >> $MONTH%_messages" > >> > >> > > > >> $template > >> > >> > > > >> > >> > >> > > > > >> > >> > > >> > > DYNsecure,"<PATH_TO>/%**FROMHOST%/%FROMHOST%_%$YEAR%.%** > >> > $MONTH%_secure" > >> > >> > > > >> $template > >> > >> > > > >> > >> > >> > > > > >> > >> > > >> > > DYNmaillog,"<PATH_TO>/%**FROMHOST%/%FROMHOST%_%$YEAR%.%** > >> > $MONTH%_ma > >> > >> > illo > >> > >> > > > g" > >> > >> > > > >> $template > >> > >> > > > > >> > > DYNcron,"<PATH_TO>/%FROMHOST%/**%FROMHOST%_%$YEAR%.%$MO > >> > NTH%_** > >> > >> > > > >> cron" > >> > >> > > > >> $template > >> > >> > > > >> > >> > >> > > > > >> > >> > > >> > > DYNspooler,"<PATH_TO>/%**FROMHOST%/%FROMHOST%_%$YEAR%.%** > >> > $MONTH%_sp > >> > >> > oole > >> > >> > > > r" > >> > >> > > > >> $template > >> > >> > > > >> > >> > >> > > > > >> > >> > > >> > > DYNboot,"<PATH_TO>/%FROMHOST%/**%FROMHOST%_%$YEAR%.%$MO > >> > NTH%_**boot.log" > >> > >> > > > >> $template > >> > >> > > > > >> > > DYNtraps,"<PATH_TO>/%FROMHOST%**/%FROMHOST%_%$YEAR%.%$MO > >> > NTH%_** > >> > >> > > > >> traps" > >> > >> > > > >> #SET LOGGING CONDITIONS if $syslogseverity <= '6' then > >> > >> > > > >> ?DYNmessages if $syslogfacility-text == 'authpriv' then > >> > >> > > > >> ?DYNsecure if $syslogfacility-text == 'mail' then > >> > >> > > > >> ?DYNmaillog if $syslogfacility-text == 'cron' then > >> > >> > > > >> ?DYNcron if $syslogseverity-text == 'crit' then > >> > >> > > > >> ?DYNspooler if $syslogfacility-text == 'local7' then > >> > >> > > > >> ?DYNboot if $syslogfacility-text == 'local6' and > >> > >> > > > >> $syslogseverity-text == > >> > >> > > > 'WARNING' > >> > >> > > > >> then ?DYNtraps > >> > >> > > > >> > >> > >> > > > >> Here is my logfile when I try to start rsyslog as a > >> > >> > > > >> non-root > >> > >> > user: > >> > >> > > > >> 2012-01-31T15:45:52.997693+02:**00 <hostname> rsyslogd: > >> > >> > > > >> [origin software="rsyslogd" swVersion="6.3.6" x- > pid="26185" > >> x- > >> > info=" > >> > >> > > > >> http://www.rsyslog.com";] start > >> > >> > > > >> 2012-01-31T15:45:52.997294+02:**00 <hostname> rsyslogd: > >> bind: > >> > >> > > > Permission > >> > >> > > > >> denied > >> > >> > > > >> 2012-01-31T15:45:52.997369+02:**00 <hostname> rsyslogd: > >> bind: > >> > >> > > > Permission > >> > >> > > > >> denied > >> > >> > > > >> 2012-01-31T15:45:52.997374+02:**00 <hostname> rsyslogd: > >> > >> > > > >> No UDP > >> > >> > > > listen > >> > >> > > > >> socket > >> > >> > > > >> could successfully be initialized, message reception > >> > >> > > > >> via UDP > >> > >> > > > disabled. > >> > >> > > > >> 2012-01-31T15:45:52.997376+02:**00 <hostname> rsyslogd: > >> > imudp: > >> > >> > no > >> > >> > > > >> listeners > >> > >> > > > >> could be started, input not activated. > >> > >> > > > >> 2012-01-31T15:45:52.997379+02:**00 <hostname> > rsyslogd3: > >> > >> > activation > >> > >> > > > of > >> > >> > > > >> module > >> > >> > > > >> imudp failed [try http://www.rsyslog.com/e/-3 ] > >> > >> > > > >> 2012-01-31T15:45:52.997643+02:**00 <hostname> rsyslogd- > 2077: > >> > >> > Could > >> > >> > > > not > >> > >> > > > >> create > >> > >> > > > >> tcp listener, ignoring port 514. [try > >> > >> > http://www.rsyslog.com/e/2077 > >> > >> > > > ] > >> > >> > > > >> > >> > >> > > > >> So permissions to bind and sockets seems to be the > >> problem... > >> > >> > > > >> > >> > >> > > > > > >> > >> > > > > yes, you cannot bind to ports <1024 as a normal user > >> > >> > > > > (without > >> > >> > making > >> > >> > > > some > >> > >> > > > > other non-standard changes through sysctl) > >> > >> > > > > > >> > >> > > > > > >> > >> > > > > 1. Is it possible to make rsyslog write logfiles as a > >> > >> > > > > non-root > >> > >> > user > >> > >> > > > - if > >> > >> > > > >> yes: how ? > >> > >> > > > >> > >> > >> > > > > > >> > >> > > > > permission drop features > >> > >> > > > > > >> > >> > > > > > >> > >> > > > > 2a. Is it possible to add permissions for non-root user > >> > >> > > > > to run > >> > >> > > > rsyslog > >> > >> > > > >> server - if yes: how ? > >> > >> > > > >> > >> > >> > > > > > >> > >> > > > > pick a listening port > 1024 and it should work. > >> > >> > > > > > >> > >> > > > > > >> > >> > > > > 2b. How do I start rsyslog during boot as non-root user > >> > >> > > > > - can > >> > >> > > > chkconfig do > >> > >> > > > >> this ? do I need to edit /etc/init.d/rsyslog - if yes: how ? > >> > >> > > > >> > >> > >> > > > > > >> > >> > > > > su can run a command as a different user. > >> > >> > > > > > >> > >> > > > > although as Rainer points out, you may just be looking > >> > >> > > > > for the > >> > >> > > > permission > >> > >> > > > > dropping features that are already in rsyslog. > >> > >> > > > > > >> > >> > > > > David Lang > >> > >> > > > > > >> > >> > > > > > ______________________________**_________________ > >> > >> > > > > rsyslog mailing list > >> > >> > > > > > >> > >> > > > > >> > >> > http://lists.adiscon.net/**mailman/listinfo/rsyslog< > >> http://lists.ad > >> > >> > isco > >> > >> > > > n.net/mailman/listinfo/rsyslog> > >> > >> > > > > http://www.rsyslog.com/**professional- > >> > >> > > > services/<http://www.rsyslog.com/professional-services/> > >> > >> > > > > > >> > >> > > > _______________________________________________ > >> > >> > > > rsyslog mailing list > >> > >> > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> > >> > > > http://www.rsyslog.com/professional-services/ > >> > >> > > _______________________________________________ > >> > >> > > rsyslog mailing list > >> > >> > > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> > >> > > http://www.rsyslog.com/professional-services/ > >> > >> > > > >> > >> > _______________________________________________ > >> > >> > rsyslog mailing list > >> > >> > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> > >> > http://www.rsyslog.com/professional-services/ > >> > >> _______________________________________________ > >> > >> rsyslog mailing list > >> > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> > >> http://www.rsyslog.com/professional-services/ > >> > >> > >> > > > >> > > > >> > _______________________________________________ > >> > rsyslog mailing list > >> > http://lists.adiscon.net/mailman/listinfo/rsyslog > >> > http://www.rsyslog.com/professional-services/ > >> _______________________________________________ > >> rsyslog mailing list > >> http://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com/professional-services/ > >> > > > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/
