Hi, David: Thanks for your reply - sounds possible... I will try this first thing tomorrow morning and report back with findings...
Br.
~maymann

2012/2/2 <[email protected]>

> On Thu, 2 Feb 2012, Michael Maymann wrote:
>
>> Hi Rainer,
>>
>> I really have my doubts it has something to do with my startup script:
>> 1. I only changed the exec=/usr/sbin/rsyslogd from default
>> 2. It works perfectly when PrivDropTo is not used in rsyslog.conf.
>>
>> I'm running on RHEL6.1_x64.
>> Do you have a working /etc/init.d/rsyslog that you can share/I can test...?
>
> my guess is that this is a SELINUX related problem.
>
> what happens if you try to start rsyslog manually (not by running the
> startup script, but just running 'rsyslogd -c 6')
>
> David Lang
>
>> Thanks in advance :-) !
>> ~maymann
>>
>> 2012/2/2 Michael Maymann <[email protected]>
>>
>>> Hi,
>>>
>>> Rainer: Sorry... forgot to mention that it doesn't say anything about
>>> failing in the logs... and it actually doesn't fail... it works and after
>>> the timeout+failed notice only the process owned by PrivDropToUser-USER is
>>> present, but now owned by the init-process (mother process dies):
>>>
>>> # service rsyslog start
>>> Starting system logger: [FAILED]
>>>
>>> BEFORE failed status:
>>> root 9126 9125 0 11:07 pts/1 00:00:00 /usr/sbin/rsyslogd -c 6
>>> <PrivDropToUser-USER> 9131 9126 0 11:07 ? 00:00:00 /usr/sbin/rsyslogd -c 6
>>>
>>> AFTER failed status the root-owned process is killed and the
>>> PrivDropToUser-USER owned process therefore gets owned by init:
>>> <PrivDropToUser-USER> 9131 1 0 11:07 ? 00:00:00 /usr/sbin/rsyslogd -c 6
>>>
>>> Anyone who can help with this...?:
>>> here is the debug output when running the init-script:
>>> #/etc/init.d/rsyslog start
>>> + . /etc/init.d/functions
>>> ++ TEXTDOMAIN=initscripts
>>> ++ umask 022
>>> ++ PATH=/sbin:/usr/sbin:/bin:/usr/bin
>>> ++ export PATH
>>> ++ '[' -z '' ']'
>>> ++ COLUMNS=80
>>> ++ '[' -z '' ']'
>>> +++ /sbin/consoletype
>>> ++ CONSOLETYPE=pty
>>> ++ '[' -f /etc/sysconfig/i18n -a -z '' -a -z '' ']'
>>> ++ . /etc/profile.d/lang.sh
>>> ++ unset LANGSH_SOURCED
>>> ++ '[' -z '' ']'
>>> ++ '[' -f /etc/sysconfig/init ']'
>>> ++ . /etc/sysconfig/init
>>> +++ BOOTUP=color
>>> +++ RES_COL=60
>>> +++ MOVE_TO_COL='echo -en \033[60G'
>>> +++ SETCOLOR_SUCCESS='echo -en \033[0;32m'
>>> +++ SETCOLOR_FAILURE='echo -en \033[0;31m'
>>> +++ SETCOLOR_WARNING='echo -en \033[0;33m'
>>> +++ SETCOLOR_NORMAL='echo -en \033[0;39m'
>>> +++ PROMPT=yes
>>> +++ AUTOSWAP=no
>>> +++ ACTIVE_CONSOLES='/dev/tty[1-6]'
>>> +++ SINGLE=/sbin/sushell
>>> ++ '[' pty = serial ']'
>>> ++ __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d'
>>> + RETVAL=0
>>> + PIDFILE=/var/run/syslogd.pid
>>> + prog=rsyslogd
>>> + exec=/usr/sbin/rsyslogd
>>> + lockfile=/var/lock/subsys/rsyslogd
>>> + case "$1" in
>>> + start
>>> + '[' -x /usr/sbin/rsyslogd ']'
>>> + '[' -f /etc/sysconfig/rsyslog ']'
>>> + . /etc/sysconfig/rsyslog
>>> ++ SYSLOGD_OPTIONS='-c 6'
>>> + umask 077
>>> + echo -n 'Starting system logger: '
>>> Starting system logger: + daemon --pidfile=/var/run/syslogd.pid /usr/sbin/rsyslogd -c 6
>>> + local gotbase= force= nicelevel corelimit
>>> + local pid base= user= nice= bg= pid_file=
>>> + local cgroup=
>>> + nicelevel=0
>>> + '[' --pidfile=/var/run/syslogd.pid '!=' -pidfile=/var/run/syslogd.pid ']'
>>> + case $1 in
>>> + pid_file=/var/run/syslogd.pid
>>> + shift
>>> + '[' /usr/sbin/rsyslogd '!=' /usr/sbin/rsyslogd ']'
>>> + '[' -z '' ']'
>>> + base=rsyslogd
>>> + __pids_var_run rsyslogd /var/run/syslogd.pid
>>> + local base=rsyslogd
>>> + local pid_file=/var/run/syslogd.pid
>>> + pid=
>>> + '[' -f /var/run/syslogd.pid ']'
>>> + return 3
>>> + '[' -n '' -a -z '' ']'
>>> + corelimit='ulimit -S -c 0'
>>> + '[' -n '' ']'
>>> + '[' -n '' ']'
>>> + '[' color = verbose -a -z '' ']'
>>> + '[' -z '' ']'
>>> + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/rsyslogd -c 6'
>>> ...
>>> (hangs here for a long time)
>>> ...
>>> + '[' 1 -eq 0 ']'
>>> + failure 'rsyslogd startup'
>>> + local rc=1
>>> + '[' color '!=' verbose -a -z '' ']'
>>> + echo_failure
>>> + '[' color = color ']'
>>> + echo -en '\033[60G'
>>> + echo -n '['
>>> [+ '[' color = color ']'
>>> + echo -en '\033[0;31m'
>>> + echo -n FAILED
>>> FAILED+ '[' color = color ']'
>>> + echo -en '\033[0;39m'
>>> + echo -n ']'
>>> ]+ echo -ne '\r'
>>> + return 1
>>> + '[' -x /usr/bin/plymouth ']'
>>> + /usr/bin/plymouth --details
>>> + return 1
>>> + RETVAL=1
>>> + echo
>>>
>>> + '[' 1 -eq 0 ']'
>>> + return 1
>>> + exit 1
>>>
>>> I have tried to give 777-access to /var/run and /var/lock/subsys - but
>>> same thing happens...
>>>
>>> Thanks in advance :-) !
>>>
>>> Br.
>>> ~maymann
>>>
>>> 2012/2/2 Rainer Gerhards <[email protected]>
>>>
>>>> I can only help you with that part if you point me to why exactly the script
>>>> claims what it does. So you may want to try find someone who can do that. I
>>>> know this is probably a trivial question, but I don't know anything ;)
>>>>
>>>> Sry, rainer
>>>>
>>>>> -----Original Message-----
>>>>> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Michael Maymann
>>>>> Sent: Thursday, February 02, 2012 10:03 AM
>>>>> To: rsyslog-users
>>>>> Subject: Re: [rsyslog] rsyslog as non-root user
>>>>>
>>>>> Here is my startup script... only thing changed is the path to the new
>>>>> 6.3.6-rsyslog-devel binary.
>>>>> The startup script also works perfectly when I comment out the
>>>>> PrivDropToUser+PrivDropToGroup in /etc/rsyslog.conf - but fails if I have
>>>>> both or one of the entries...:
>>>>> #!/bin/bash
>>>>> #
>>>>> # rsyslog Starts rsyslogd/rklogd.
>>>>> #
>>>>> #
>>>>> # chkconfig: 2345 12 88
>>>>> # description: Syslog is the facility by which many daemons use to log \
>>>>> # messages to various system log files. It is a good idea to always \
>>>>> # run rsyslog.
>>>>> ### BEGIN INIT INFO
>>>>> # Provides: $syslog
>>>>> # Required-Start: $local_fs
>>>>> # Required-Stop: $local_fs
>>>>> # Default-Start: 2 3 4 5
>>>>> # Default-Stop: 0 1 6
>>>>> # Short-Description: Enhanced system logging and kernel message trapping daemons
>>>>> # Description: Rsyslog is an enhanced multi-threaded syslogd supporting,
>>>>> #              among others, MySQL, syslog/tcp, RFC 3195, permitted
>>>>> #              sender lists, filtering on any message part, and fine
>>>>> #              grain output format control.
>>>>> ### END INIT INFO
>>>>>
>>>>> # Source function library.
>>>>> . /etc/init.d/functions
>>>>>
>>>>> RETVAL=0
>>>>> PIDFILE=/var/run/syslogd.pid
>>>>>
>>>>> prog=rsyslogd
>>>>> #exec=/sbin/rsyslogd
>>>>> exec=/usr/sbin/rsyslogd
>>>>> lockfile=/var/lock/subsys/$prog
>>>>>
>>>>> start() {
>>>>>     [ -x $exec ] || exit 5
>>>>>
>>>>>     # Source config
>>>>>     if [ -f /etc/sysconfig/rsyslog ] ; then
>>>>>         . /etc/sysconfig/rsyslog
>>>>>     fi
>>>>>     umask 077
>>>>>
>>>>>     echo -n $"Starting system logger: "
>>>>>     daemon --pidfile="${PIDFILE}" $exec $SYSLOGD_OPTIONS
>>>>>     RETVAL=$?
>>>>>     echo
>>>>>     [ $RETVAL -eq 0 ] && touch $lockfile
>>>>>     return $RETVAL
>>>>> }
>>>>> stop() {
>>>>>     echo -n $"Shutting down system logger: "
>>>>>     killproc $prog
>>>>>     RETVAL=$?
>>>>>     echo
>>>>>     [ $RETVAL -eq 0 ] && rm -f $lockfile
>>>>>     return $RETVAL
>>>>> }
>>>>> reload() {
>>>>>     RETVAL=1
>>>>>     syslog=$(cat "${PIDFILE}" 2>/dev/null)
>>>>>     echo -n "Reloading system logger..."
>>>>>     if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then
>>>>>         kill -HUP "$syslog";
>>>>>         RETVAL=$?
>>>>>     fi
>>>>>     if [ $RETVAL -ne 0 ]; then
>>>>>         failure
>>>>>     else
>>>>>         success
>>>>>     fi
>>>>>     echo
>>>>>     return $RETVAL
>>>>> }
>>>>> rhstatus() {
>>>>>     status -p "${PIDFILE}" $prog
>>>>> }
>>>>> restart() {
>>>>>     stop
>>>>>     start
>>>>> }
>>>>>
>>>>> case "$1" in
>>>>>     start)
>>>>>         start
>>>>>         ;;
>>>>>     stop)
>>>>>         stop
>>>>>         ;;
>>>>>     restart)
>>>>>         restart
>>>>>         ;;
>>>>>     reload|force-reload)
>>>>>         reload
>>>>>         ;;
>>>>>     status)
>>>>>         rhstatus
>>>>>         ;;
>>>>>     condrestart|try-restart)
>>>>>         rhstatus >/dev/null 2>&1 || exit 0
>>>>>         restart
>>>>>         ;;
>>>>>     *)
>>>>>         echo $"Usage: $0 {start|stop|restart|condrestart|try-restart|reload|force-reload|status}"
>>>>>         exit 2
>>>>> esac
>>>>>
>>>>> exit $?
>>>>>
>>>>> 2012/2/2 Rainer Gerhards <[email protected]>
>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Michael Maymann
>>>>>>> Sent: Wednesday, February 01, 2012 9:08 AM
>>>>>>> To: rsyslog-users
>>>>>>> Subject: Re: [rsyslog] rsyslog as non-root user
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> David: thanks - got it working with permission dropping, by far my
>>>>>>> preferred configuration... just didn't know of it...:-) !
>>>>>>> Rainer: please let us know if the debug info of the "permission dropping:
>>>>>>> hang+timeout" I sent you can solve anything... anyway it works now - but
>>>>>>> not optimal if other people have to service my setup...:-) !
>>>>>>
>>>>>> I have reviewed the debug log and I see nothing unexpected. From the
>>>>>> timestamps I also see that there is no hang whatsoever. So it looks like
>>>>>> there is some problem with the startup script, which I don't know. I suggest
>>>>>> to ask what the FAILED status is caused by. We can then look why this
>>>>>> happens.
>>>>>>
>>>>>> Sorry I have no better answer...
>>>>>> Rainer
>>>>>>
>>>>>>> Thanks in advance :-) !
>>>>>>> ~maymann
>>>>>>>
>>>>>>> 2012/2/1 <[email protected]>
>>>>>>>
>>>>>>>> On Tue, 31 Jan 2012, Michael Maymann wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I have now setup a 6.3.6-devel rsyslog server that is working fine running
>>>>>>>>> as root.
>>>>>>>>> I would like to run it as non-root user as my logfiles are located on NFS
>>>>>>>>> (and root export of NFS is generally not a good idea !).
>>>>>>>>>
>>>>>>>>> Here is my rsyslog.conf:
>>>>>>>>> #LOAD MODULES
>>>>>>>>> $ModLoad imudp
>>>>>>>>> $UDPServerRun 514
>>>>>>>>> $UDPServerAddress 127.0.0.1
>>>>>>>>> $ModLoad imtcp
>>>>>>>>> $InputTCPServerRun 514
>>>>>>>>> #SET DESTINATION FOR LOGS
>>>>>>>>> $template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
>>>>>>>>> $template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
>>>>>>>>> $template DYNmaillog,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
>>>>>>>>> $template DYNcron,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
>>>>>>>>> $template DYNspooler,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
>>>>>>>>> $template DYNboot,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
>>>>>>>>> $template DYNtraps,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
>>>>>>>>> #SET LOGGING CONDITIONS
>>>>>>>>> if $syslogseverity <= '6' then ?DYNmessages
>>>>>>>>> if $syslogfacility-text == 'authpriv' then ?DYNsecure
>>>>>>>>> if $syslogfacility-text == 'mail' then ?DYNmaillog
>>>>>>>>> if $syslogfacility-text == 'cron' then ?DYNcron
>>>>>>>>> if $syslogseverity-text == 'crit' then ?DYNspooler
>>>>>>>>> if $syslogfacility-text == 'local7' then ?DYNboot
>>>>>>>>> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' then ?DYNtraps
>>>>>>>>>
>>>>>>>>> Here is my logfile when I try to start rsyslog as a non-root user:
>>>>>>>>> 2012-01-31T15:45:52.997693+02:00 <hostname> rsyslogd: [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" x-info="http://www.rsyslog.com"] start
>>>>>>>>> 2012-01-31T15:45:52.997294+02:00 <hostname> rsyslogd: bind: Permission denied
>>>>>>>>> 2012-01-31T15:45:52.997369+02:00 <hostname> rsyslogd: bind: Permission denied
>>>>>>>>> 2012-01-31T15:45:52.997374+02:00 <hostname> rsyslogd: No UDP listen socket could successfully be initialized, message reception via UDP disabled.
>>>>>>>>> 2012-01-31T15:45:52.997376+02:00 <hostname> rsyslogd: imudp: no listeners could be started, input not activated.
>>>>>>>>> 2012-01-31T15:45:52.997379+02:00 <hostname> rsyslogd3: activation of module imudp failed [try http://www.rsyslog.com/e/-3 ]
>>>>>>>>> 2012-01-31T15:45:52.997643+02:00 <hostname> rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]
>>>>>>>>>
>>>>>>>>> So permissions to bind and sockets seems to be the problem...
>>>>>>>>
>>>>>>>> yes, you cannot bind to ports <1024 as a normal user (without making
>>>>>>>> some other non-standard changes through sysctl)
>>>>>>>>
>>>>>>>>> 1. Is it possible to make rsyslog write logfiles as a non-root user - if
>>>>>>>>> yes: how ?
>>>>>>>>
>>>>>>>> permission drop features
>>>>>>>>
>>>>>>>>> 2a. Is it possible to add permissions for non-root user to run rsyslog
>>>>>>>>> server - if yes: how ?
>>>>>>>>
>>>>>>>> pick a listening port > 1024 and it should work.
>>>>>>>>
>>>>>>>>> 2b. How do I start rsyslog during boot as non-root user - can chkconfig do
>>>>>>>>> this ? do I need to edit /etc/init.d/rsyslog - if yes: how ?
>>>>>>>>
>>>>>>>> su can run a command as a different user.
>>>>>>>>
>>>>>>>> although as Rainer points out, you may just be looking for the permission
>>>>>>>> dropping features that are already in rsyslog.
>>>>>>>>
>>>>>>>> David Lang
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> rsyslog mailing list
>>>>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>>>>>>> http://www.rsyslog.com/professional-services/
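
Added example (not part of the thread and not rsyslog project code): a small shell check that reads a legacy-format rsyslog.conf and reports whether its listeners use ports below 1024 and whether $PrivDropToUser/$PrivDropToGroup are set, which together decide between the options discussed in the thread (stay root, bind as root then drop, or start as non-root on a high port). The sample config is constructed, and the `rsyslog` account name is an assumption.

```shell
#!/bin/sh
# Audit a legacy-format rsyslog.conf for the two points raised in the thread:
#   - listeners on ports below 1024 need root at bind time
#   - $PrivDropToUser / $PrivDropToGroup let rsyslogd start as root, bind,
#     and then give root up

audit_rsyslog_conf() {   # $1 = config file; prints findings, verdict last
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        { key = tolower($1) }                 # match directives in any case
        key == "$udpserverrun" || key == "$inputtcpserverrun" {
            if ($2 + 0 < 1024) { low++; print "PRIVILEGED_PORT " $1 " " $2 }
            else                 print "UNPRIVILEGED_PORT " $1 " " $2
        }
        key == "$privdroptouser"  { user  = $2 }
        key == "$privdroptogroup" { group = $2 }
        END {
            print "DROP_USER "  (user  == "" ? "(unset)" : user)
            print "DROP_GROUP " (group == "" ? "(unset)" : group)
            # root-only: must be started as root and stays root; started as
            # a normal user it fails with "bind: Permission denied"
            if (low && user == "") print "VERDICT root-only"
            else if (low)          print "VERDICT bind-as-root-then-drop"
            else                   print "VERDICT startable-as-non-root"
        }' "$1"
}

# Constructed sample modelled on the configuration quoted in the thread, with
# the privilege-drop directives added ("rsyslog" is an assumed account name).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#LOAD MODULES
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$PrivDropToUser rsyslog
$PrivDropToGroup rsyslog
EOF
audit_rsyslog_conf "$sample"
rm -f "$sample"
```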

