> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Michael Maymann
> Sent: Friday, February 03, 2012 9:24 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] rsyslog as non-root user
> 
> Hi,
> 
> I have attached debug info both when PrivDropTo is enabled and
> disabled.
> Only difference I can see is the 5 minutes it takes for the
> PrivDropTo_enabled run to time out (mother process dies and
> child process thereby gets owned by init)...

Ah, it looks like you use auto-backgrounding (which is the default due to
historical reasons). You can disable that via -n. I don't know if the init
script expects auto-backgrounding or not...
Rainer
> 
> Hopefully someone can see something more...:-) !
> 
> 
> Thanks in advance :-) !
> ~maymann
> 
> 
> 2012/2/3 Rainer Gerhards <[email protected]>
> 
> > > -----Original Message-----
> > > From: [email protected] [mailto:rsyslog-
> > > [email protected]] On Behalf Of Michael Maymann
> > > Sent: Friday, February 03, 2012 8:38 AM
> > > To: rsyslog-users
> > > Subject: Re: [rsyslog] rsyslog as non-root user
> > >
> > > Hi,
> > >
> > > forgot to mention, that when I run:
> > > # /usr/sbin/rsyslogd -c 6
> > > it does the same thing... (hang+timeout+live
> > What do you mean with "hang"? I could see no indication of any slowed-down
> > processing inside the debug log. It may also be useful if you shared the
> > debug log publicly, in case someone else has an idea.
> >
> > rainer
> >
> > > init/PrivDropToUser-owned-child-process) again only when PrivDropTo is
> > > enabled in /etc/rsyslog.conf... otherwise working perfectly...
> > > Would this possibly be solved in yesterday's release: 6.3.7-devel ?
> > >
> > > Thanks in advance :-) !
> > > ~maymann
> > >
> > > 2012/2/3 Michael Maymann <[email protected]>
> > >
> > > > Hi,
> > > >
> > > > David: unfortunately this was not the case...:
> > > > # cat /etc/sysconfig/selinux
> > > > # This file controls the state of SELinux on the system.
> > > > # SELINUX= can take one of these three values:
> > > > #       enforcing - SELinux security policy is enforced.
> > > > #       permissive - SELinux prints warnings instead of enforcing.
> > > > #       disabled - SELinux is fully disabled.
> > > > SELINUX=disabled
> > > > # SELINUXTYPE= type of policy in use. Possible values are:
> > > > #       targeted - Only targeted network daemons are protected.
> > > > #       strict - Full SELinux protection.
> > > > SELINUXTYPE=targeted
> > > >
> > > > What else could cause this problem ?
> > > >
> > > >
> > > >
> > > > Thanks in advance :-) !
> > > > ~maymann
> > > >
> > > > 2012/2/2 Michael Maymann <[email protected]>
> > > >
> > > >> Hi,
> > > >>
> > > >> David: Thanks for your reply - sounds possible... I will try this first
> > > >> thing tomorrow morning and report back with findings...
> > > >>
> > > >> Br.
> > > >> ~maymann
> > > >>
> > > >> 2012/2/2 <[email protected]>
> > > >>
> > > >> On Thu, 2 Feb 2012, Michael Maymann wrote:
> > > >>>
> > > >>>  Hi Rainer,
> > > >>>>
> > > >>>> I really have my doubts it has something to do with my startup script:
> > > >>>> 1. I only changed the exec=/usr/sbin/rsyslogd from default
> > > >>>> 2. It works perfectly when PrivDropTo is not used in rsyslog.conf.
> > > >>>>
> > > >>>> I'm running on RHEL6.1_x64.
> > > >>>> Do you have a working /etc/init.d/rsyslog that you can share/I can
> > > >>>> test...?
> > > >>>>
> > > >>>
> > > >>> my guess is that this is a SELINUX related problem.
> > > >>>
> > > >>> what happens if you try to start rsyslog manually (not by running the
> > > >>> startup script, but just running 'rsyslogd -c 6')?
> > > >>>
> > > >>> David Lang
> > > >>>
> > > >>>
> > > >>>
> > > >>>> Thanks in advance :-) !
> > > >>>> ~maymann
> > > >>>>
> > > >>>> 2012/2/2 Michael Maymann <[email protected]>
> > > >>>>
> > > >>>>  Hi,
> > > >>>>>
> > > >>>>> Rainer: Sorry... forgot to mention that it doesn't say anything about
> > > >>>>> failing in the logs... and it actually doesn't fail... it works and after
> > > >>>>> the timeout+failed notice only the process owned by PrivDropToUser-USER is
> > > >>>>> present, but now owned by the init process (mother process dies):
> > > >>>>>
> > > >>>>> # service rsyslog start
> > > >>>>> Starting system logger:                                    [FAILED]
> > > >>>>>
> > > >>>>> BEFORE failed status:
> > > >>>>> root      9126  9125  0 11:07 pts/1    00:00:00 /usr/sbin/rsyslogd -c 6
> > > >>>>> <PrivDropToUser-USER>  9131  9126  0 11:07 ?        00:00:00 /usr/sbin/rsyslogd -c 6
> > > >>>>>
> > > >>>>> AFTER failed status, root-owned process is killed and
> > > >>>>> PrivDropToUser-USER owned process therefore gets owned by init:
> > > >>>>> <PrivDropToUser-USER>  9131     1  0 11:07 ?        00:00:00 /usr/sbin/rsyslogd -c 6
> > > >>>>>
> > > >>>>> Anyone who can help with this...?:
> > > >>>>> here is the debug output when running the init-script:
> > > >>>>> #/etc/init.d/rsyslog start
> > > >>>>> + . /etc/init.d/functions
> > > >>>>> ++ TEXTDOMAIN=initscripts
> > > >>>>> ++ umask 022
> > > >>>>> ++ PATH=/sbin:/usr/sbin:/bin:/usr/bin
> > > >>>>> ++ export PATH
> > > >>>>> ++ '[' -z '' ']'
> > > >>>>> ++ COLUMNS=80
> > > >>>>> ++ '[' -z '' ']'
> > > >>>>> +++ /sbin/consoletype
> > > >>>>> ++ CONSOLETYPE=pty
> > > >>>>> ++ '[' -f /etc/sysconfig/i18n -a -z '' -a -z '' ']'
> > > >>>>> ++ . /etc/profile.d/lang.sh
> > > >>>>> ++ unset LANGSH_SOURCED
> > > >>>>> ++ '[' -z '' ']'
> > > >>>>> ++ '[' -f /etc/sysconfig/init ']'
> > > >>>>> ++ . /etc/sysconfig/init
> > > >>>>> +++ BOOTUP=color
> > > >>>>> +++ RES_COL=60
> > > >>>>> +++ MOVE_TO_COL='echo -en \033[60G'
> > > >>>>> +++ SETCOLOR_SUCCESS='echo -en \033[0;32m'
> > > >>>>> +++ SETCOLOR_FAILURE='echo -en \033[0;31m'
> > > >>>>> +++ SETCOLOR_WARNING='echo -en \033[0;33m'
> > > >>>>> +++ SETCOLOR_NORMAL='echo -en \033[0;39m'
> > > >>>>> +++ PROMPT=yes
> > > >>>>> +++ AUTOSWAP=no
> > > >>>>> +++ ACTIVE_CONSOLES='/dev/tty[1-6]'
> > > >>>>> +++ SINGLE=/sbin/sushell
> > > >>>>> ++ '[' pty = serial ']'
> > > >>>>> ++ __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d'
> > > >>>>> + RETVAL=0
> > > >>>>> + PIDFILE=/var/run/syslogd.pid
> > > >>>>> + prog=rsyslogd
> > > >>>>> + exec=/usr/sbin/rsyslogd
> > > >>>>> + lockfile=/var/lock/subsys/rsyslogd
> > > >>>>> + case "$1" in
> > > >>>>> + start
> > > >>>>> + '[' -x /usr/sbin/rsyslogd ']'
> > > >>>>> + '[' -f /etc/sysconfig/rsyslog ']'
> > > >>>>> + . /etc/sysconfig/rsyslog
> > > >>>>> ++ SYSLOGD_OPTIONS='-c 6'
> > > >>>>> + umask 077
> > > >>>>> + echo -n 'Starting system logger: '
> > > >>>>> Starting system logger: + daemon --pidfile=/var/run/syslogd.pid /usr/sbin/rsyslogd -c 6
> > > >>>>> + local gotbase= force= nicelevel corelimit
> > > >>>>> + local pid base= user= nice= bg= pid_file=
> > > >>>>> + local cgroup=
> > > >>>>> + nicelevel=0
> > > >>>>> + '[' --pidfile=/var/run/syslogd.pid '!=' -pidfile=/var/run/syslogd.pid ']'
> > > >>>>> + case $1 in
> > > >>>>> + pid_file=/var/run/syslogd.pid
> > > >>>>> + shift
> > > >>>>> + '[' /usr/sbin/rsyslogd '!=' /usr/sbin/rsyslogd ']'
> > > >>>>> + '[' -z '' ']'
> > > >>>>> + base=rsyslogd
> > > >>>>> + __pids_var_run rsyslogd /var/run/syslogd.pid
> > > >>>>> + local base=rsyslogd
> > > >>>>> + local pid_file=/var/run/syslogd.pid
> > > >>>>> + pid=
> > > >>>>> + '[' -f /var/run/syslogd.pid ']'
> > > >>>>> + return 3
> > > >>>>> + '[' -n '' -a -z '' ']'
> > > >>>>> + corelimit='ulimit -S -c 0'
> > > >>>>> + '[' -n '' ']'
> > > >>>>> + '[' -n '' ']'
> > > >>>>> + '[' color = verbose -a -z '' ']'
> > > >>>>> + '[' -z '' ']'
> > > >>>>> + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/rsyslogd -c 6'
> > > >>>>> ...
> > > >>>>> (hangs here for a long time)
> > > >>>>> ...
> > > >>>>> + '[' 1 -eq 0 ']'
> > > >>>>> + failure 'rsyslogd startup'
> > > >>>>> + local rc=1
> > > >>>>> + '[' color '!=' verbose -a -z '' ']'
> > > >>>>> + echo_failure
> > > >>>>> + '[' color = color ']'
> > > >>>>> + echo -en '\033[60G'
> > > >>>>>                                                           + echo -n '['
> > > >>>>> [+ '[' color = color ']'
> > > >>>>> + echo -en '\033[0;31m'
> > > >>>>> + echo -n FAILED
> > > >>>>> FAILED+ '[' color = color ']'
> > > >>>>> + echo -en '\033[0;39m'
> > > >>>>> + echo -n ']'
> > > >>>>> ]+ echo -ne '\r'
> > > >>>>> + return 1
> > > >>>>> + '[' -x /usr/bin/plymouth ']'
> > > >>>>> + /usr/bin/plymouth --details
> > > >>>>> + return 1
> > > >>>>> + RETVAL=1
> > > >>>>> + echo
> > > >>>>>
> > > >>>>> + '[' 1 -eq 0 ']'
> > > >>>>> + return 1
> > > >>>>> + exit 1
> > > >>>>>
> > > >>>>> I have tried to give 777-access to /var/run and /var/lock/subsys - but
> > > >>>>> same thing happens...
> > > >>>>>
> > > >>>>>
> > > >>>>>
> > > >>>>> Thanks in advance :-) !
> > > >>>>>
> > > >>>>> Br.
> > > >>>>> ~maymann
> > > >>>>>
> > > >>>>>
> > > >>>>>
> > > >>>>> 2012/2/2 Rainer Gerhards <[email protected]>
> > > >>>>>
> > > >>>>>> I can only help you with that part if you point me to why exactly the
> > > >>>>>> script claims what it does. So you may want to try find someone who can do
> > > >>>>>> that. I know this is probably a trivial question, but I don't know
> > > >>>>>> anything ;)
> > > >>>>>>
> > > >>>>>> Sry, rainer
> > > >>>>>>
> > > >>>>>>> -----Original Message-----
> > > >>>>>>> From: [email protected] [mailto:rsyslog-
> > > >>>>>>> [email protected]] On Behalf Of Michael Maymann
> > > >>>>>>> Sent: Thursday, February 02, 2012 10:03 AM
> > > >>>>>>> To: rsyslog-users
> > > >>>>>>> Subject: Re: [rsyslog] rsyslog as non-root user
> > > >>>>>>>
> > > >>>>>>> Here is my startup script... only thing changed is the path to the new
> > > >>>>>>> 6.3.6-rsyslog-devel binary.
> > > >>>>>>> The startup script also works perfectly when I comment out the
> > > >>>>>>> PrivDropToUser+PrivDropToGroup in /etc/rsyslog.conf - but fails if I
> > > >>>>>>> have both or one of the entries...:
> > > >>>>>>> #!/bin/bash
> > > >>>>>>> #
> > > >>>>>>> # rsyslog        Starts rsyslogd/rklogd.
> > > >>>>>>> #
> > > >>>>>>> #
> > > >>>>>>> # chkconfig: 2345 12 88
> > > >>>>>>> # description: Syslog is the facility by which many daemons use to log \
> > > >>>>>>> # messages to various system log files.  It is a good idea to always \
> > > >>>>>>> # run rsyslog.
> > > >>>>>>> ### BEGIN INIT INFO
> > > >>>>>>> # Provides: $syslog
> > > >>>>>>> # Required-Start: $local_fs
> > > >>>>>>> # Required-Stop: $local_fs
> > > >>>>>>> # Default-Start:  2 3 4 5
> > > >>>>>>> # Default-Stop: 0 1 6
> > > >>>>>>> # Short-Description: Enhanced system logging and kernel message trapping daemons
> > > >>>>>>> # Description: Rsyslog is an enhanced multi-threaded syslogd supporting,
> > > >>>>>>> #              among others, MySQL, syslog/tcp, RFC 3195, permitted
> > > >>>>>>> #              sender lists, filtering on any message part, and fine
> > > >>>>>>> #              grain output format control.
> > > >>>>>>> ### END INIT INFO
> > > >>>>>>>
> > > >>>>>>> # Source function library.
> > > >>>>>>> . /etc/init.d/functions
> > > >>>>>>>
> > > >>>>>>> RETVAL=0
> > > >>>>>>> PIDFILE=/var/run/syslogd.pid
> > > >>>>>>>
> > > >>>>>>> prog=rsyslogd
> > > >>>>>>> #exec=/sbin/rsyslogd
> > > >>>>>>> exec=/usr/sbin/rsyslogd
> > > >>>>>>> lockfile=/var/lock/subsys/$prog
> > > >>>>>>>
> > > >>>>>>> start() {
> > > >>>>>>>        [ -x $exec ] || exit 5
> > > >>>>>>>
> > > >>>>>>>        # Source config
> > > >>>>>>>        if [ -f /etc/sysconfig/rsyslog ] ; then
> > > >>>>>>>                . /etc/sysconfig/rsyslog
> > > >>>>>>>        fi
> > > >>>>>>>        umask 077
> > > >>>>>>>
> > > >>>>>>>        echo -n $"Starting system logger: "
> > > >>>>>>>        daemon --pidfile="${PIDFILE}" $exec $SYSLOGD_OPTIONS
> > > >>>>>>>        RETVAL=$?
> > > >>>>>>>        echo
> > > >>>>>>>        [ $RETVAL -eq 0 ] && touch $lockfile
> > > >>>>>>>        return $RETVAL
> > > >>>>>>> }
> > > >>>>>>> stop() {
> > > >>>>>>>        echo -n $"Shutting down system logger: "
> > > >>>>>>>        killproc $prog
> > > >>>>>>>        RETVAL=$?
> > > >>>>>>>        echo
> > > >>>>>>>        [ $RETVAL -eq 0 ] && rm -f $lockfile
> > > >>>>>>>        return $RETVAL
> > > >>>>>>> }
> > > >>>>>>> reload()  {
> > > >>>>>>>    RETVAL=1
> > > >>>>>>>    syslog=$(cat "${PIDFILE}" 2>/dev/null)
> > > >>>>>>>    echo -n "Reloading system logger..."
> > > >>>>>>>    if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then
> > > >>>>>>>        kill -HUP "$syslog";
> > > >>>>>>>        RETVAL=$?
> > > >>>>>>>    fi
> > > >>>>>>>    if [ $RETVAL -ne 0 ]; then
> > > >>>>>>>        failure
> > > >>>>>>>    else
> > > >>>>>>>        success
> > > >>>>>>>    fi
> > > >>>>>>>    echo
> > > >>>>>>>    return $RETVAL
> > > >>>>>>> }
> > > >>>>>>> rhstatus() {
> > > >>>>>>>        status -p "${PIDFILE}" $prog
> > > >>>>>>> }
> > > >>>>>>> restart() {
> > > >>>>>>>        stop
> > > >>>>>>>        start
> > > >>>>>>> }
> > > >>>>>>>
> > > >>>>>>> case "$1" in
> > > >>>>>>>  start)
> > > >>>>>>>        start
> > > >>>>>>>        ;;
> > > >>>>>>>  stop)
> > > >>>>>>>        stop
> > > >>>>>>>        ;;
> > > >>>>>>>  restart)
> > > >>>>>>>        restart
> > > >>>>>>>        ;;
> > > >>>>>>>  reload|force-reload)
> > > >>>>>>>        reload
> > > >>>>>>>        ;;
> > > >>>>>>>  status)
> > > >>>>>>>        rhstatus
> > > >>>>>>>        ;;
> > > >>>>>>>  condrestart|try-restart)
> > > >>>>>>>        rhstatus >/dev/null 2>&1 || exit 0
> > > >>>>>>>        restart
> > > >>>>>>>        ;;
> > > >>>>>>>  *)
> > > >>>>>>>        echo $"Usage: $0 {start|stop|restart|condrestart|try-restart|reload|force-reload|status}"
> > > >>>>>>>        exit 2
> > > >>>>>>> esac
> > > >>>>>>>
> > > >>>>>>> exit $?
> > > >>>>>>>
> > > >>>>>>> 2012/2/2 Rainer Gerhards <[email protected]>
> > > >>>>>>>
> > > >>>>>>>
> > > >>>>>>>>
> > > >>>>>>>>> -----Original Message-----
> > > >>>>>>>>> From: [email protected] [mailto:rsyslog-
> > > >>>>>>>>> [email protected]] On Behalf Of Michael Maymann
> > > >>>>>>>>> Sent: Wednesday, February 01, 2012 9:08 AM
> > > >>>>>>>>> To: rsyslog-users
> > > >>>>>>>>> Subject: Re: [rsyslog] rsyslog as non-root user
> > > >>>>>>>>>
> > > >>>>>>>>> Hi,
> > > >>>>>>>>>
> > > >>>>>>>>> David: thanks - got it working with permission dropping, by far my
> > > >>>>>>>>> preferred configuration... just didn't know of it...:-) !
> > > >>>>>>>>> Rainer: please let us know if the debug info of the "permission dropping:
> > > >>>>>>>>> hang+timeout" I sent you can solve anything... anyway it works now - but
> > > >>>>>>>>> not optimal if other people have to service my setup...:-) !
> > > >>>>>>>>>
> > > >>>>>>>>
> > > >>>>>>>> I have reviewed the debug log and I see nothing unexpected. From the
> > > >>>>>>>> timestamps I also see that there is no hang whatsoever. So it looks like
> > > >>>>>>>> there is some problem with the startup script, which I don't know. I suggest
> > > >>>>>>>> to ask what the FAILED status is caused by. We can then look why this
> > > >>>>>>>> happens.
> > > >>>>>>>>
> > > >>>>>>>> Sorry I have no better answer...
> > > >>>>>>>> Rainer
> > > >>>>>>>>
> > > >>>>>>>>
> > > >>>>>>>>> Thanks in advance :-) !
> > > >>>>>>>>> ~maymann
> > > >>>>>>>>>
> > > >>>>>>>>> 2012/2/1 <[email protected]>
> > > >>>>>>>>>
> > > >>>>>>>>>> On Tue, 31 Jan 2012, Michael Maymann wrote:
> > > >>>>>>>>>>
> > > >>>>>>>>>>> Hi,
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> I have now setup a 6.3.6-devel rsyslog server that is working fine running
> > > >>>>>>>>>>> as root.
> > > >>>>>>>>>>> I would like to run it as non-root user as my logfiles are located on NFS
> > > >>>>>>>>>>> (and root export of NFS is generally not a good idea !).
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Here is my rsyslog.conf:
> > > >>>>>>>>>>> #LOAD MODULES
> > > >>>>>>>>>>> $ModLoad imudp
> > > >>>>>>>>>>> $UDPServerRun 514
> > > >>>>>>>>>>> $UDPServerAddress 127.0.0.1
> > > >>>>>>>>>>> $ModLoad imtcp
> > > >>>>>>>>>>> $InputTCPServerRun 514
> > > >>>>>>>>>>> #SET DESTINATION FOR LOGS
> > > >>>>>>>>>>> $template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
> > > >>>>>>>>>>> $template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
> > > >>>>>>>>>>> $template DYNmaillog,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
> > > >>>>>>>>>>> $template DYNcron,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
> > > >>>>>>>>>>> $template DYNspooler,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
> > > >>>>>>>>>>> $template DYNboot,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
> > > >>>>>>>>>>> $template DYNtraps,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
> > > >>>>>>>>>>> #SET LOGGING CONDITIONS
> > > >>>>>>>>>>> if $syslogseverity <= '6' then ?DYNmessages
> > > >>>>>>>>>>> if $syslogfacility-text == 'authpriv' then ?DYNsecure
> > > >>>>>>>>>>> if $syslogfacility-text == 'mail' then ?DYNmaillog
> > > >>>>>>>>>>> if $syslogfacility-text == 'cron' then ?DYNcron
> > > >>>>>>>>>>> if $syslogseverity-text == 'crit' then ?DYNspooler
> > > >>>>>>>>>>> if $syslogfacility-text == 'local7' then ?DYNboot
> > > >>>>>>>>>>> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' then ?DYNtraps
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> Here is my logfile when I try to start rsyslog as a non-root user:
> > > >>>>>>>>>>> 2012-01-31T15:45:52.997693+02:00 <hostname> rsyslogd: [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" x-info="http://www.rsyslog.com";] start
> > > >>>>>>>>>>> 2012-01-31T15:45:52.997294+02:00 <hostname> rsyslogd: bind: Permission denied
> > > >>>>>>>>>>> 2012-01-31T15:45:52.997369+02:00 <hostname> rsyslogd: bind: Permission denied
> > > >>>>>>>>>>> 2012-01-31T15:45:52.997374+02:00 <hostname> rsyslogd: No UDP listen socket could successfully be initialized, message reception via UDP disabled.
> > > >>>>>>>>>>> 2012-01-31T15:45:52.997376+02:00 <hostname> rsyslogd: imudp: no listeners could be started, input not activated.
> > > >>>>>>>>>>> 2012-01-31T15:45:52.997379+02:00 <hostname> rsyslogd3: activation of module imudp failed [try http://www.rsyslog.com/e/-3 ]
> > > >>>>>>>>>>> 2012-01-31T15:45:52.997643+02:00 <hostname> rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]
> > > >>>>>>>>>>>
> > > >>>>>>>>>>> So permissions to bind and sockets seems to be the problem...
> > > >>>>>>>>>>
> > > >>>>>>>>>> yes, you cannot bind to ports <1024 as a normal user (without making some
> > > >>>>>>>>>> other non-standard changes through sysctl)
> > > >>>>>>>>>>
> > > >>>>>>>>>>> 1. Is it possible to make rsyslog write logfiles as a non-root user - if
> > > >>>>>>>>>>> yes: how ?
> > > >>>>>>>>>>
> > > >>>>>>>>>> permission drop features
> > > >>>>>>>>>>
> > > >>>>>>>>>>> 2a. Is it possible to add permissions for non-root user to run rsyslog
> > > >>>>>>>>>>> server - if yes: how ?
> > > >>>>>>>>>>
> > > >>>>>>>>>> pick a listening port > 1024 and it should work.
> > > >>>>>>>>>>
> > > >>>>>>>>>>> 2b. How do I start rsyslog during boot as non-root user - can chkconfig do
> > > >>>>>>>>>>> this ? do I need to edit /etc/init.d/rsyslog - if yes: how ?
> > > >>>>>>>>>>
> > > >>>>>>>>>> su can run a command as a different user.
> > > >>>>>>>>>>
> > > >>>>>>>>>> although as Rainer points out, you may just be looking for the permission
> > > >>>>>>>>>> dropping features that are already in rsyslog.
> > > >>>>>>>>>>
> > > >>>>>>>>>> David Lang
> > > >>>>>>>>>>
> > > >>>>>>>>>> _______________________________________________
> > > >>>>>>>>>> rsyslog mailing list
> > > >>>>>>>>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > >>>>>>>>>> http://www.rsyslog.com/professional-services/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
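
A check for the outcome discussed in this thread: whether the running rsyslogd has actually left root once PrivDropToUser is enabled. This is an added example, not part of the original messages and not rsyslog's own code; the account name "syslogd", the state names and the sample listings are constructed, modelled on the BEFORE/AFTER ps output quoted above.

```shell
#!/bin/sh
# Classify rsyslogd's privilege state from a process listing on stdin.
# Feed it the output of:  ps -eo user:32,pid,ppid,comm
# $1 is the account configured in PrivDropToUser ("syslogd" is a made-up name).
privdrop_state() {
    awk -v want="$1" '
        $4 == "rsyslogd" {
            n++
            if ($1 == "root")    { root++; rootpid[$2] = 1 }
            else if ($1 == want) { drop++; parent[$2] = $3 }
            else                 { other++ }
        }
        END {
            if (n == 0)     { print "not-running";     exit }
            if (other > 0)  { print "unexpected-user"; exit }
            if (drop == 0)  { print "not-dropped";     exit }
            if (root == 0)  { print "dropped";         exit }
            # A root rsyslogd next to a dropped one is only expected while the
            # auto-backgrounding parent is still waiting on its own child.
            for (p in parent)
                if (parent[p] in rootpid) waiting[parent[p]] = 1
            for (r in rootpid)
                if (!(r in waiting)) { print "stray-root"; exit }
            print "starting"
        }'
}

# Constructed listings: root parent plus dropped child (the BEFORE state),
# dropped child re-parented to init (the AFTER state), and no drop at all.
SAMPLE_BEFORE='USER       PID  PPID COMMAND
root      9126  9125 rsyslogd
syslogd   9131  9126 rsyslogd'
SAMPLE_AFTER='USER       PID  PPID COMMAND
syslogd   9131     1 rsyslogd'
SAMPLE_ROOT='USER       PID  PPID COMMAND
root      9126     1 rsyslogd'

for s in "$SAMPLE_BEFORE" "$SAMPLE_AFTER" "$SAMPLE_ROOT"; do
    printf '%s\n' "$s" | privdrop_state syslogd
done
```

Only "dropped" means the log files are being written by the non-root account; "starting" is the window in which the init script is still waiting on the root parent.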
