Hi, Yes I have, and now set them to /tmp just for testing, but same thing...: PIDFILE=/tmp/syslogd.pi lockfile=/tmp/$prog
When started manually, it seems to be working just fine... also after 5 minutes...:-) !: root 1498 1 0 Feb01 ? 00:00:00 /usr/sbin/sshd root 14128 1498 0 09:03 ? 00:00:00 sshd: root@pts/0 root 14131 14128 0 09:04 pts/0 00:00:00 -bash <PrivDropToUser> 15442 14131 0 11:51 pts/0 00:00:00 /usr/sbin/rsyslogd -c 6 -n How can I implement similar behaviour to /etc/init.d/rsyslog+/etc/sysconfig/rsyslog...? Thanks in advance :-) ! ~maymann 2012/2/3 <[email protected]> > On Fri, 3 Feb 2012, Michael Maymann wrote: > > Hi, >> >> David: unfortunately this was not the case...: >> # cat /etc/sysconfig/selinux >> # This file controls the state of SELinux on the system. >> # SELINUX= can take one of these three values: >> # enforcing - SELinux security policy is enforced. >> # permissive - SELinux prints warnings instead of enforcing. >> # disabled - SELinux is fully disabled. >> SELINUX=disabled >> # SELINUXTYPE= type of policy in use. Possible values are: >> # targeted - Only targeted network daemons are protected. >> # strict - Full SELinux protection. >> SELINUXTYPE=targeted >> >> What else could cause this problem ? >> > > possibly a silly question, but have you verified that the user you are > dropping privileges to has write permission on the directories that you > write logs (and any queue files) to? > > David Lang > > >> Thanks in advance :-) ! >> ~maymann >> >> 2012/2/2 Michael Maymann <[email protected]> >> >> Hi, >>> >>> David: Thanks for your reply - sounds possible... I will try this first >>> thing tomorrow morning and report back with findings... >>> >>> Br. >>> ~maymann >>> >>> 2012/2/2 <[email protected]> >>> >>> On Thu, 2 Feb 2012, Michael Maymann wrote: >>> >>>> >>>> Hi Rainer, >>>> >>>>> >>>>> I really have my doubts it has something to do with my startup script: >>>>> 1. I only changed the exec=/usr/sbin/rsyslogd from default >>>>> 2. It works perfectly when PrivDropTo is not used in rsyslog.conf. >>>>> >>>>> I'm running on RHEL6.1_x64. >>>>> Do you have a working /etc/init.d/rsyslog what you can share/I can >>>>> test...? >>>>> >>>>> >>>> >>>> my guess is that this is a SELINUX related problem. >>>> >>>> what happens if you try to start rsyslog manually (not by running the >>>> startup script, but just running 'rsyslogd -c 6' " >>>> >>>> David Lang >>>> >>>> >>>> >>>> Thanks in advance :-) ! >>>>> ~maymann >>>>> >>>>> 2012/2/2 Michael Maymann <[email protected]> >>>>> >>>>> Hi, >>>>> >>>>>> >>>>>> Rainer: Sorry... forgot to mention that it doesn't say anything about >>>>>> failing in the logs... and it actually doesn't fail... it works and >>>>>> after >>>>>> the timeout+failed notice only the proccess owned by >>>>>> PrivDropToUser-USER is >>>>>> present, but now owned by the init-proccess (mother proccess dies): >>>>>> >>>>>> # service rsyslog start >>>>>> Starting system logger: [FAILED] >>>>>> >>>>>> BEFORE failed status: >>>>>> root 9126 9125 0 11:07 pts/1 00:00:00 /usr/sbin/rsyslogd -c >>>>>> 6 >>>>>> <PrivDropToUser-USER> 9131 9126 0 11:07 ? 00:00:00 >>>>>> /usr/sbin/rsyslogd -c 6 >>>>>> >>>>>> AFTER failed status root-owned proccess is killed and >>>>>> PrivDropToUser-USER >>>>>> owned proccess is therefore gets owned by init: >>>>>> <PrivDropToUser-USER> 9131 1 0 11:07 ? 00:00:00 >>>>>> /usr/sbin/rsyslogd -c 6 >>>>>> >>>>>> Anyone who can help with this...?: >>>>>> here is the debug output when starting running the init-script: >>>>>> #/etc/init.d/rsyslog start >>>>>> + . /etc/init.d/functions >>>>>> ++ TEXTDOMAIN=initscripts >>>>>> ++ umask 022 >>>>>> ++ PATH=/sbin:/usr/sbin:/bin:/****usr/bin >>>>>> >>>>>> ++ export PATH >>>>>> ++ '[' -z '' ']' >>>>>> ++ COLUMNS=80 >>>>>> ++ '[' -z '' ']' >>>>>> +++ /sbin/consoletype >>>>>> ++ CONSOLETYPE=pty >>>>>> ++ '[' -f /etc/sysconfig/i18n -a -z '' -a -z '' ']' >>>>>> ++ . /etc/profile.d/lang.sh >>>>>> ++ unset LANGSH_SOURCED >>>>>> ++ '[' -z '' ']' >>>>>> ++ '[' -f /etc/sysconfig/init ']' >>>>>> ++ . /etc/sysconfig/init >>>>>> +++ BOOTUP=color >>>>>> +++ RES_COL=60 >>>>>> +++ MOVE_TO_COL='echo -en \033[60G' >>>>>> +++ SETCOLOR_SUCCESS='echo -en \033[0;32m' >>>>>> +++ SETCOLOR_FAILURE='echo -en \033[0;31m' >>>>>> +++ SETCOLOR_WARNING='echo -en \033[0;33m' >>>>>> +++ SETCOLOR_NORMAL='echo -en \033[0;39m' >>>>>> +++ PROMPT=yes >>>>>> +++ AUTOSWAP=no >>>>>> +++ ACTIVE_CONSOLES='/dev/tty[1-6]****' >>>>>> >>>>>> +++ SINGLE=/sbin/sushell >>>>>> ++ '[' pty = serial ']' >>>>>> ++ >>>>>> __sed_discard_ignored_files='/****\(~\|\.bak\|\.orig\|\.**rpmnew\|** >>>>>> \.rpmorig\|\.rpmsave\)$/d' >>>>>> + RETVAL=0 >>>>>> + PIDFILE=/var/run/syslogd.pid >>>>>> + prog=rsyslogd >>>>>> + exec=/usr/sbin/rsyslogd >>>>>> + lockfile=/var/lock/subsys/****rsyslogd >>>>>> >>>>>> + case "$1" in >>>>>> + start >>>>>> + '[' -x /usr/sbin/rsyslogd ']' >>>>>> + '[' -f /etc/sysconfig/rsyslog ']' >>>>>> + . /etc/sysconfig/rsyslog >>>>>> ++ SYSLOGD_OPTIONS='-c 6' >>>>>> + umask 077 >>>>>> + echo -n 'Starting system logger: ' >>>>>> Starting system logger: + daemon --pidfile=/var/run/syslogd.pid >>>>>> /usr/sbin/rsyslogd -c 6 >>>>>> + local gotbase= force= nicelevel corelimit >>>>>> + local pid base= user= nice= bg= pid_file= >>>>>> + local cgroup= >>>>>> + nicelevel=0 >>>>>> + '[' --pidfile=/var/run/syslogd.pid '!=' >>>>>> -pidfile=/var/run/syslogd.pid >>>>>> ']' >>>>>> + case $1 in >>>>>> + pid_file=/var/run/syslogd.pid >>>>>> + shift >>>>>> + '[' /usr/sbin/rsyslogd '!=' /usr/sbin/rsyslogd ']' >>>>>> + '[' -z '' ']' >>>>>> + base=rsyslogd >>>>>> + __pids_var_run rsyslogd /var/run/syslogd.pid >>>>>> + local base=rsyslogd >>>>>> + local pid_file=/var/run/syslogd.pid >>>>>> + pid= >>>>>> + '[' -f /var/run/syslogd.pid ']' >>>>>> + return 3 >>>>>> + '[' -n '' -a -z '' ']' >>>>>> + corelimit='ulimit -S -c 0' >>>>>> + '[' -n '' ']' >>>>>> + '[' -n '' ']' >>>>>> + '[' color = verbose -a -z '' ']' >>>>>> + '[' -z '' ']' >>>>>> + /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/rsyslogd -c >>>>>> 6' >>>>>> ... >>>>>> (hangs here for a long time) >>>>>> ... >>>>>> + '[' 1 -eq 0 ']' >>>>>> + failure 'rsyslogd startup' >>>>>> + local rc=1 >>>>>> + '[' color '!=' verbose -a -z '' ']' >>>>>> + echo_failure >>>>>> + '[' color = color ']' >>>>>> + echo -en '\033[60G' >>>>>> + echo -n '[' >>>>>> [+ '[' color = color ']' >>>>>> + echo -en '\033[0;31m' >>>>>> + echo -n FAILED >>>>>> FAILED+ '[' color = color ']' >>>>>> + echo -en '\033[0;39m' >>>>>> + echo -n ']' >>>>>> ]+ echo -ne '\r' >>>>>> + return 1 >>>>>> + '[' -x /usr/bin/plymouth ']' >>>>>> + /usr/bin/plymouth --details >>>>>> + return 1 >>>>>> + RETVAL=1 >>>>>> + echo >>>>>> >>>>>> + '[' 1 -eq 0 ']' >>>>>> + return 1 >>>>>> + exit 1 >>>>>> >>>>>> I have tried to give 777-access to /var/run and /var/lock/subsys - but >>>>>> same thing happens... >>>>>> >>>>>> >>>>>> >>>>>> Thanks in advance :-) ! >>>>>> >>>>>> Br. >>>>>> ~maymann >>>>>> >>>>>> >>>>>> >>>>>> 2012/2/2 Rainer Gerhards <[email protected]> >>>>>> >>>>>> I can only help you with that part if you point me to why exactly the >>>>>> >>>>>>> script >>>>>>> claims what it does. So you may want to try find someone who can do >>>>>>> that. >>>>>>> I >>>>>>> know this is probably a trivial question, but I don't know anything >>>>>>> ;) >>>>>>> >>>>>>> Sry, rainer >>>>>>> >>>>>>> -----Original Message----- >>>>>>> >>>>>>>> From: [email protected].****com<rsyslog-bounces@lists.* >>>>>>>> *adiscon.com <[email protected]>>[mailto: >>>>>>>> >>>>>>>> rsyslog- >>>>>>>> [email protected]] On Behalf Of Michael Maymann >>>>>>>> Sent: Thursday, February 02, 2012 10:03 AM >>>>>>>> To: rsyslog-users >>>>>>>> Subject: Re: [rsyslog] rsyslog as non-root user >>>>>>>> >>>>>>>> Here is my startup script... only thing changed is the path to the >>>>>>>> new >>>>>>>> 6.3.6-rsyslog-devel binary. >>>>>>>> The startup-scripts works also perfectly when i comment out the >>>>>>>> PrivDropToUser+PrivDropToGroup in /etc/rsyslog.conf - but failes if >>>>>>>> i >>>>>>>> have >>>>>>>> both or one of the entries...: >>>>>>>> #!/bin/bash >>>>>>>> # >>>>>>>> # rsyslog Starts rsyslogd/rklogd. >>>>>>>> # >>>>>>>> # >>>>>>>> # chkconfig: 2345 12 88 >>>>>>>> # description: Syslog is the facility by which many daemons use to >>>>>>>> log >>>>>>>> \ >>>>>>>> # messages to various system log files. It is a good idea to >>>>>>>> always \ >>>>>>>> # run rsyslog. >>>>>>>> ### BEGIN INIT INFO >>>>>>>> # Provides: $syslog >>>>>>>> # Required-Start: $local_fs >>>>>>>> # Required-Stop: $local_fs >>>>>>>> # Default-Start: 2 3 4 5 >>>>>>>> # Default-Stop: 0 1 6 >>>>>>>> # Short-Description: Enhanced system logging and kernel message >>>>>>>> trapping >>>>>>>> daemons >>>>>>>> # Description: Rsyslog is an enhanced multi-threaded syslogd >>>>>>>> supporting, >>>>>>>> # among others, MySQL, syslog/tcp, RFC 3195, permitted >>>>>>>> # sender lists, filtering on any message part, and fine >>>>>>>> # grain output format control. >>>>>>>> ### END INIT INFO >>>>>>>> >>>>>>>> # Source function library. >>>>>>>> . /etc/init.d/functions >>>>>>>> >>>>>>>> RETVAL=0 >>>>>>>> PIDFILE=/var/run/syslogd.pid >>>>>>>> >>>>>>>> prog=rsyslogd >>>>>>>> #exec=/sbin/rsyslogd >>>>>>>> exec=/usr/sbin/rsyslogd >>>>>>>> lockfile=/var/lock/subsys/$****prog >>>>>>>> >>>>>>>> >>>>>>>> start() { >>>>>>>> [ -x $exec ] || exit 5 >>>>>>>> >>>>>>>> # Source config >>>>>>>> if [ -f /etc/sysconfig/rsyslog ] ; then >>>>>>>> . /etc/sysconfig/rsyslog >>>>>>>> fi >>>>>>>> umask 077 >>>>>>>> >>>>>>>> echo -n $"Starting system logger: " >>>>>>>> daemon --pidfile="${PIDFILE}" $exec $SYSLOGD_OPTIONS >>>>>>>> RETVAL=$? >>>>>>>> echo >>>>>>>> [ $RETVAL -eq 0 ] && touch $lockfile >>>>>>>> return $RETVAL >>>>>>>> } >>>>>>>> stop() { >>>>>>>> echo -n $"Shutting down system logger: " >>>>>>>> killproc $prog >>>>>>>> RETVAL=$? >>>>>>>> echo >>>>>>>> [ $RETVAL -eq 0 ] && rm -f $lockfile >>>>>>>> return $RETVAL >>>>>>>> } >>>>>>>> reload() { >>>>>>>> RETVAL=1 >>>>>>>> syslog=$(cat "${PIDFILE}" 2>/dev/null) >>>>>>>> echo -n "Reloading system logger..." >>>>>>>> if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then >>>>>>>> kill -HUP "$syslog"; >>>>>>>> RETVAL=$? >>>>>>>> fi >>>>>>>> if [ $RETVAL -ne 0 ]; then >>>>>>>> failure >>>>>>>> else >>>>>>>> success >>>>>>>> fi >>>>>>>> echo >>>>>>>> return $RETVAL >>>>>>>> } >>>>>>>> rhstatus() { >>>>>>>> status -p "${PIDFILE}" $prog >>>>>>>> } >>>>>>>> restart() { >>>>>>>> stop >>>>>>>> start >>>>>>>> } >>>>>>>> >>>>>>>> case "$1" in >>>>>>>> start) >>>>>>>> start >>>>>>>> ;; >>>>>>>> stop) >>>>>>>> stop >>>>>>>> ;; >>>>>>>> restart) >>>>>>>> restart >>>>>>>> ;; >>>>>>>> reload|force-reload) >>>>>>>> reload >>>>>>>> ;; >>>>>>>> status) >>>>>>>> rhstatus >>>>>>>> ;; >>>>>>>> condrestart|try-restart) >>>>>>>> rhstatus >/dev/null 2>&1 || exit 0 >>>>>>>> restart >>>>>>>> ;; >>>>>>>> *) >>>>>>>> echo $"Usage: $0 >>>>>>>> {start|stop|restart|****condrestart|try-restart|****reload|force- >>>>>>>> >>>>>>>> reload|status}" >>>>>>>> exit 2 >>>>>>>> esac >>>>>>>> >>>>>>>> exit $? >>>>>>>> >>>>>>>> 2012/2/2 Rainer Gerhards <[email protected]> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> -----Original Message----- >>>>>>>>> >>>>>>>>>> From: [email protected].****com< >>>>>>>>>> rsyslog-bounces@lists.**adiscon.com<[email protected]> >>>>>>>>>> >[mailto: >>>>>>>>>> >>>>>>>>>> rsyslog- >>>>>>>>>> [email protected]] On Behalf Of Michael Maymann >>>>>>>>>> Sent: Wednesday, February 01, 2012 9:08 AM >>>>>>>>>> To: rsyslog-users >>>>>>>>>> Subject: Re: [rsyslog] rsyslog as non-root user >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> David: thanks - got it working with permission dropping, by far my >>>>>>>>>> prefered >>>>>>>>>> configuration... just didn't know of it...:-) ! >>>>>>>>>> Rainer: please let us know if the debug info of the "permission >>>>>>>>>> dropping: >>>>>>>>>> hang+timeout" I send you can solve anything... anyway it works now >>>>>>>>>> >>>>>>>>>> - >>>>>>>>> >>>>>>>> >>>>>>>> but >>>>>>>>> >>>>>>>>>> not optimal if other people have to service my setup...:-) ! >>>>>>>>>> >>>>>>>>>> >>>>>>>>> I have reviewed the debug log and I see nothing unexpected. From >>>>>>>>> the >>>>>>>>> timestamps I also see that there is no hang whatsoever. So it looks >>>>>>>>> >>>>>>>>> like >>>>>>>> >>>>>>>> there is some problem with the startup script, which I don't know. >>>>>>>>> I >>>>>>>>> suggest >>>>>>>>> to ask what the FAILED status is caused by. We can then look why >>>>>>>>> this >>>>>>>>> happens. >>>>>>>>> >>>>>>>>> Sorry I have no better answer... >>>>>>>>> Rainer >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks in advance :-) ! >>>>>>>>>> ~maymann >>>>>>>>>> >>>>>>>>>> 2012/2/1 <[email protected]> >>>>>>>>>> >>>>>>>>>> On Tue, 31 Jan 2012, Michael Maymann wrote: >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> I have now setup a 6.3.6-devel rsyslog server that is working >>>>>>>>>>>> >>>>>>>>>>>> fine >>>>>>>>>>> >>>>>>>>>> >>>>>>>> running >>>>>>>>> >>>>>>>>>> >>>>>>>>>> as root. >>>>>>>>>>> >>>>>>>>>>>> I would like to run it as non-root user as my logfiles are >>>>>>>>>>>> >>>>>>>>>>>> located >>>>>>>>>>> >>>>>>>>>> >>>>>>>> on NFS >>>>>>>>> >>>>>>>>>> >>>>>>>>>> (and root export of NFS is generally not a good idea !). >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Here is my rsyslog.conf: >>>>>>>>>>>> #LOAD MODULES >>>>>>>>>>>> $ModLoad imudp >>>>>>>>>>>> $UDPServerRun 514 >>>>>>>>>>>> $UDPServerAddress 127.0.0.1 >>>>>>>>>>>> $ModLoad imtcp >>>>>>>>>>>> $InputTCPServerRun 514 >>>>>>>>>>>> #SET DESTINATION FOR LOGS >>>>>>>>>>>> $template >>>>>>>>>>>> DYNmessages,"<PATH_TO>/%******FROMHOST%/%FROMHOST%_%$YEAR%.%** >>>>>>>>>>>> **** >>>>>>>>>>>> $MONTH%_messages" >>>>>>>>>>>> $template >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> DYNsecure,"<PATH_TO>/%******FROMHOST%/%FROMHOST%_%$YEAR%.%** >>>>>>>>>> ** >>>>>>>>>> >>>>>>>>> **$MONTH%_secure" >>>>>>>> >>>>>>>> $template >>>>>>>>> >>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> DYNmaillog,"<PATH_TO>/%******FROMHOST%/%FROMHOST%_%$YEAR%.%** >>>>>>>>>> ** >>>>>>>>>> >>>>>>>>> **$MONTH%_maillo >>>>>>>> >>>>>>>> g" >>>>>>>>> >>>>>>>>>> >>>>>>>>>> $template >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> DYNcron,"<PATH_TO>/%FROMHOST%/******%FROMHOST%_%$YEAR%.%$** >>>>>>>>>>> MONTH%_**** >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> cron" >>>>>>>>>>> >>>>>>>>>>>> $template >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> DYNspooler,"<PATH_TO>/%******FROMHOST%/%FROMHOST%_%$YEAR%.%** >>>>>>>>>> ** >>>>>>>>>> >>>>>>>>> **$MONTH%_spoole >>>>>>>> >>>>>>>> r" >>>>>>>>> >>>>>>>>>> >>>>>>>>>> $template >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> DYNboot,"<PATH_TO>/%FROMHOST%/******%FROMHOST%_%$YEAR%.%$** >>>>>>>>>> MONTH%_** >>>>>>>>>> >>>>>>>>> **boot.log" >>>>>>>> >>>>>>>> $template >>>>>>>>> >>>>>>>>>> >>>>>>>>>>>> DYNtraps,"<PATH_TO>/%FROMHOST%******/%FROMHOST%_%$YEAR%.%$** >>>>>>>>>>> MONTH%** >>>>>>>>>>> >>>>>>>>>> _** >>>>>>>>>> >>>>>>>>>> traps" >>>>>>>>>>> >>>>>>>>>>>> #SET LOGGING CONDITIONS >>>>>>>>>>>> if $syslogseverity <= '6' then ?DYNmessages >>>>>>>>>>>> if $syslogfacility-text == 'authpriv' then ?DYNsecure >>>>>>>>>>>> if $syslogfacility-text == 'mail' then ?DYNmaillog >>>>>>>>>>>> if $syslogfacility-text == 'cron' then ?DYNcron >>>>>>>>>>>> if $syslogseverity-text == 'crit' then ?DYNspooler >>>>>>>>>>>> if $syslogfacility-text == 'local7' then ?DYNboot >>>>>>>>>>>> if $syslogfacility-text == 'local6' and $syslogseverity-text == >>>>>>>>>>>> >>>>>>>>>>>> 'WARNING' >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> then ?DYNtraps >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Here is my logfile when I try to start rsyslog as a non-root >>>>>>>>>>>> >>>>>>>>>>>> user: >>>>>>>>>>> >>>>>>>>>> >>>>>>>> 2012-01-31T15:45:52.997693+02:******00 <hostname> rsyslogd: >>>>>>>>> [origin >>>>>>>>> >>>>>>>>>> software="rsyslogd" swVersion="6.3.6" x-pid="26185" x-info=" >>>>>>>>>>>> http://www.rsyslog.com";] start >>>>>>>>>>>> 2012-01-31T15:45:52.997294+02:******00 <hostname> rsyslogd: >>>>>>>>>>>> bind: >>>>>>>>>>>> >>>>>>>>>>>> Permission >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> denied >>>>>>>>>>> >>>>>>>>>>>> 2012-01-31T15:45:52.997369+02:******00 <hostname> rsyslogd: >>>>>>>>>>>> bind: >>>>>>>>>>>> >>>>>>>>>>>> Permission >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> denied >>>>>>>>>>> >>>>>>>>>>>> 2012-01-31T15:45:52.997374+02:******00 <hostname> rsyslogd: No >>>>>>>>>>>> UDP >>>>>>>>>>>> >>>>>>>>>>>> listen >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> socket >>>>>>>>>>> >>>>>>>>>>>> could successfully be initialized, message reception via UDP >>>>>>>>>>>> >>>>>>>>>>>> disabled. >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> 2012-01-31T15:45:52.997376+02:******00 <hostname> rsyslogd: >>>>>>>>>>> imudp: >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> no >>>>>>>>>>> >>>>>>>>>> >>>>>>>> listeners >>>>>>>>> >>>>>>>>>> could be started, input not activated. >>>>>>>>>>>> 2012-01-31T15:45:52.997379+02:******00 <hostname> rsyslogd3: >>>>>>>>>>>> >>>>>>>>>>>> activation >>>>>>>>>>> >>>>>>>>>> >>>>>>>> of >>>>>>>>> >>>>>>>>>> >>>>>>>>>> module >>>>>>>>>>> >>>>>>>>>>>> imudp failed [try http://www.rsyslog.com/e/-3 ] >>>>>>>>>>>> 2012-01-31T15:45:52.997643+02:******00 <hostname> >>>>>>>>>>>> rsyslogd-2077: >>>>>>>>>>>> >>>>>>>>>>>> Could >>>>>>>>>>> >>>>>>>>>> >>>>>>>> not >>>>>>>>> >>>>>>>>>> >>>>>>>>>> create >>>>>>>>>>> >>>>>>>>>>>> tcp listener, ignoring port 514. [try >>>>>>>>>>>> >>>>>>>>>>>> http://www.rsyslog.com/e/2077 >>>>>>>>>>> >>>>>>>>>> >>>>>>>> ] >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> So permissions to bind and sockets seems to be the problem... >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> yes, you cannot bind to ports <1024 as a normal user (without >>>>>>>>>>> >>>>>>>>>>> making >>>>>>>>>> >>>>>>>>> >>>>>>>> some >>>>>>>>> >>>>>>>>>> >>>>>>>>>> other non-standard changes through sysctl) >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> 1. Is it possible to make rsyslog write logfiles as a non-root >>>>>>>>>>> >>>>>>>>>>> user >>>>>>>>>> >>>>>>>>> >>>>>>>> - if >>>>>>>>> >>>>>>>>>> >>>>>>>>>> yes: how ? >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> permission drop features >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> 2a. Is it possible to add permissions for non-root user to run >>>>>>>>>>> >>>>>>>>>>> rsyslog >>>>>>>>>> >>>>>>>>>> server - if yes: how ? >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> pick a listening port > 1024 and it should work. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> 2b. How do I start rsyslog during boot as non-root user - can >>>>>>>>>>> >>>>>>>>>>> chkconfig do >>>>>>>>>> >>>>>>>>>> this ? do I need to edit /etc/init.d/rsyslog - if yes: how ? >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> su can run a command as a different user. >>>>>>>>>>> >>>>>>>>>>> although as Rainer points out, you may just be looking for the >>>>>>>>>>> >>>>>>>>>>> permission >>>>>>>>>> >>>>>>>>>> dropping features that are already in rsyslog. >>>>>>>>>>> >>>>>>>>>>> David Lang >>>>>>>>>>> >>>>>>>>>>> ______________________________******_________________ >>>>>>>>>>> rsyslog mailing list >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> http://lists.adiscon.net/******mailman/listinfo/rsyslog<http://lists.adiscon.net/****mailman/listinfo/rsyslog> >>>>>>>>>> <http:**//lists.adiscon.net/**mailman/**listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>>>>>>>> > >>>>>>>>>> >>>>>>>>> <http:**//lists.adisco <http://lists.adisco> >>>>>>>> >>>>>>>> >>>>>>>> n.net/mailman/listinfo/**rsyslog**<http://n.net/mailman/listinfo/rsyslog**> >>>>>>>>> > >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> http://www.rsyslog.com/******professional-<http://www.rsyslog.com/****professional-> >>>>>>>>>>> <http://www.**rsyslog.com/**professional-<http://www.rsyslog.com/**professional-> >>>>>>>>>>> > >>>>>>>>>>> >>>>>>>>>>> services/<http://www.rsyslog.****com/professional-services/<ht* >>>>>>>>>> *tp://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> >>>>>>>>>> > >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> ______________________________****_________________ >>>>>>>>>>> >>>>>>>>>> rsyslog mailing list >>>>>>>>>> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>>>>>>>> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>>>>>>>> > >>>>>>>>>> http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>>>>>>>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>>>>>>>>> > >>>>>>>>>> >>>>>>>>>> ______________________________****_________________ >>>>>>>>> rsyslog mailing list >>>>>>>>> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>>>>>>> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>>>>>>> > >>>>>>>>> http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>>>>>>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>>>>>>>> > >>>>>>>>> >>>>>>>>> ______________________________****_________________ >>>>>>>>> >>>>>>>> rsyslog mailing list >>>>>>>> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>>>>>> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>>>>>> > >>>>>>>> http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>>>>>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>>>>>>> > >>>>>>>> >>>>>>>> ______________________________****_________________ >>>>>>> rsyslog mailing list >>>>>>> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>>>>> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>>>>> > >>>>>>> http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>>>>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>>>>>> > >>>>>>> >>>>>>> >>>>>>> >>>>>> ______________________________****_________________ >>>>>> >>>>> rsyslog mailing list >>>>> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>>> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>>> > >>>>> http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>>>> > >>>>> >>>>> ______________________________****_________________ >>>>> >>>> rsyslog mailing list >>>> http://lists.adiscon.net/****mailman/listinfo/rsyslog<http://lists.adiscon.net/**mailman/listinfo/rsyslog> >>>> <http:**//lists.adiscon.net/mailman/**listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >>>> > >>>> http://www.rsyslog.com/****professional-services/<http://www.rsyslog.com/**professional-services/> >>>> <http://**www.rsyslog.com/professional-**services/<http://www.rsyslog.com/professional-services/> >>>> > >>>> >>>> >>> >>> ______________________________**_________________ >> rsyslog mailing list >> http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> >> http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> >> >> ______________________________**_________________ > rsyslog mailing list > http://lists.adiscon.net/**mailman/listinfo/rsyslog<http://lists.adiscon.net/mailman/listinfo/rsyslog> > http://www.rsyslog.com/**professional-services/<http://www.rsyslog.com/professional-services/> > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/
