if you can write to the file as yourself and root and set the permissions to 777, then it's going to be selinux/Apparmor that's blocking you. It's not uncommon for processes to get different permissions at startup than if you run them as root (in theory this adds security in that it limits the damage that can be done if the service has a bug, in practice, if the purpose of the system is to run that particular service, there's nothing else interesting on the system, so it doesn't help)

there was a post earlier on good ways to troubleshoot selinux problems

Redhat uses SELinux, Ubuntu uses AppArmor.

David Lang

On Mon, 25 Apr 2022, Mike Michael via rsyslog wrote:

Date: Mon, 25 Apr 2022 09:47:21 -0400
From: Mike Michael via rsyslog <rsyslog@lists.adiscon.com>
Reply-To: mike.mich...@dominionenterprises.com,
    rsyslog-users <rsyslog@lists.adiscon.com>
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: Mike Michael <mike.mich...@dominionenterprises.com>
Subject: Re: [rsyslog] Could not open dynamic file/Permission denied

Thank you for all the replies! So I opened the dir in question to 777 and
still errors. I can manually create a dir and file as myself and as root
(presuming rsyslog runs as root, I did not see a specification in the conf
file otherwise). I have also removed the $PrivDropTo lines because they
were not present originally, added in troubleshooting. So this system has
been running for like 3 years, the person that set it up left 2 years ago,
and it has just been running. We noticed the issues in March, but it has
not been a real priority, but we do need to get it working again. And no
changes have been made, aside from troubleshooting, nobody logs in this
instance. I looked for any sort of changes at all on any systems around the
time this started not logging, and we have nothing listed.

● rsyslog.service - System Logging Service
  Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
  Active: active (running) since Mon 2022-04-25 09:22:03 EDT; 28s ago
    Docs: man:rsyslogd(8)
          http://www.rsyslog.com/doc/
Main PID: 8194 (rsyslogd)
  CGroup: /system.slice/rsyslog.service
          └─8194 /usr/sbin/rsyslogd -n

Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent directories for file  'Permission denied' failed...7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent directories for file  'Permission denied' failed...7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent directories for file  'Permission denied' failed...7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent directories for file  'Permission denied' failed...7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent directories for file  'Permission denied' failed...7_9.2]
Hint: Some lines were ellipsized, use -l to show in full.

The directory in question
drwxrwxrwx.  35 root root 28672 Nov  4 12:08 rsyslog_DIR


On Thu, Apr 21, 2022 at 2:07 AM Rainer Gerhards via rsyslog <rsyslog@lists.adiscon.com> wrote:

I would suggest to sudo -i into the user in question and manually try to
create the same file. It will most probably give you the same problem (if
it is a permission issue). Else it's selinux or friends.

Rainer

Sent from phone, thus brief.

David Lang via rsyslog <rsyslog@lists.adiscon.com> wrote on Wed, 20 Apr 2022, 22:59:

> since you just added the permission changes to the rsyslog config, they are
> almost certain to be the cause of the grief.
>
> the standard unix permissions of the directory look good, I don't know your
> system enough to say if the SELinux permissions are good or not (hopefully
> someone else can comment on those)
>
> are you possibly trying to write to files that were created with an earlier
> config and so while the directory would give you permission to create a new
> file, the existing file has permissions that would block you?
>
> This is not anything specific to rsyslog, this is plain admin stuff to track
> down what's wrong with the permissions and fix it.
>
> David Lang
>
>   On Wed, 20 Apr 2022, Mike Michael wrote:
>
> > Date: Wed, 20 Apr 2022 16:52:05 -0400
> > From: Mike Michael <mike.mich...@dominionenterprises.com>
> > To: David Lang <da...@lang.hm>
> > Cc: rsyslog-users <rsyslog@lists.adiscon.com>
> > Subject: Re: [rsyslog] Could not open dynamic file/Permission denied
> >
> >>
> >> This is the directory. I think this is what you mean? DIS is the group
> > listed as [ADMN GRP] previously. Thank you for looking at this, again
> > first experience with rsyslog and was inherited.
> >
> >
> > drwxrwxrwx. root DIS  system_u:object_r:nfs_t:s0       rsyslog_DIR
> >
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
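The thread ends at "777 still fails, so it is SELinux or AppArmor"; the sketch below is an added example, not part of any message above, showing how to confirm that on an SELinux host by summarising AVC denials from the logging daemon's domain and reading the type off an `ls -Z` line. It assumes rsyslogd runs in the `syslogd_t` domain (the usual targeted-policy domain); the function names are hypothetical and the audit records are constructed, while the `ls -Z` line is the one posted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# avc_denials DOMAIN: read audit.log-style text on stdin and print
# "count tclass perms target_type" for each denial from that source domain.
# Filters on scontext rather than comm=, because a daemon's threads may
# carry their own names in comm=.
avc_denials() {
    awk -v dom="$1" '
    /avc: +denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""
        if (match($0, /\{[^}]*\}/)) {            # e.g. { write add_name }
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
            if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src == dom) seen[cls " " perms " " tgt]++
    }
    END { for (k in seen) print seen[k], k }' | sort
}

# label_type: print the SELinux type field from one `ls -Z` line on stdin.
label_type() {
    awk '{ for (i = 1; i <= NF; i++)
               if (split($i, c, ":") >= 4) { print c[3]; exit } }'
}

# Constructed audit records (illustrative, not captured from the poster's host).
SAMPLE_AUDIT='type=AVC msg=audit(1650892946.101:901): avc:  denied  { create } for  pid=8194 comm="rs:main Q:Reg" name="04" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1650892946.101:901): arch=c000003e syscall=83 success=no exit=-13 comm="rs:main Q:Reg" exe="/usr/sbin/rsyslogd"
type=AVC msg=audit(1650892946.207:902): avc:  denied  { create } for  pid=8194 comm="rs:main Q:Reg" name="04" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1650892947.005:903): avc:  denied  { write add_name } for  pid=8194 comm="rs:main Q:Reg" name="2022" scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1650892950.330:904): avc:  denied  { read } for  pid=2210 comm="httpd" name="app.log" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0'

# The `ls -Z` line posted in the thread.
SAMPLE_LS='drwxrwxrwx. root DIS  system_u:object_r:nfs_t:s0       rsyslog_DIR'

printf '%s\n' "$SAMPLE_AUDIT" | avc_denials syslogd_t
printf '%s\n' "$SAMPLE_LS" | label_type
```

On a live host the same function can read `ausearch -m avc -ts recent` output or /var/log/audit/audit.log; an empty result with the errors still occurring points away from SELinux.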