[rsyslog] rsyslog as non-root user

Michael Maymann michael at maymann.org
Thu Feb 2 10:39:52 CET 2012


Hi,

Rainer: Sorry... forgot to mention that it doesn't say anything about
failing in the logs... and it actually doesn't fail... it works, and after
the timeout+failed notice only the process owned by PrivDropToUser-USER is
present, but it is now owned by the init process (the mother process dies):
# service rsyslog start
Starting system logger:                                    [FAILED]

BEFORE failed status:
root      9126  9125  0 11:07 pts/1    00:00:00 /usr/sbin/rsyslogd -c 6
<PrivDropToUser-USER>  9131  9126  0 11:07 ?        00:00:00 /usr/sbin/rsyslogd -c 6

AFTER failed status: the root-owned process is killed and the PrivDropToUser-USER-owned
process therefore gets owned by init:
<PrivDropToUser-USER>  9131     1  0 11:07 ?        00:00:00 /usr/sbin/rsyslogd -c 6

Anyone who can help with this...?
Here is the debug output when running the init script:
#/etc/init.d/rsyslog start
+ . /etc/init.d/functions
++ TEXTDOMAIN=initscripts
++ umask 022
++ PATH=/sbin:/usr/sbin:/bin:/usr/bin
++ export PATH
++ '[' -z '' ']'
++ COLUMNS=80
++ '[' -z '' ']'
+++ /sbin/consoletype
++ CONSOLETYPE=pty
++ '[' -f /etc/sysconfig/i18n -a -z '' -a -z '' ']'
++ . /etc/profile.d/lang.sh
++ unset LANGSH_SOURCED
++ '[' -z '' ']'
++ '[' -f /etc/sysconfig/init ']'
++ . /etc/sysconfig/init
+++ BOOTUP=color
+++ RES_COL=60
+++ MOVE_TO_COL='echo -en \033[60G'
+++ SETCOLOR_SUCCESS='echo -en \033[0;32m'
+++ SETCOLOR_FAILURE='echo -en \033[0;31m'
+++ SETCOLOR_WARNING='echo -en \033[0;33m'
+++ SETCOLOR_NORMAL='echo -en \033[0;39m'
+++ PROMPT=yes
+++ AUTOSWAP=no
+++ ACTIVE_CONSOLES='/dev/tty[1-6]'
+++ SINGLE=/sbin/sushell
++ '[' pty = serial ']'
++ __sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d'
+ RETVAL=0
+ PIDFILE=/var/run/syslogd.pid
+ prog=rsyslogd
+ exec=/usr/sbin/rsyslogd
+ lockfile=/var/lock/subsys/rsyslogd
+ case "$1" in
+ start
+ '[' -x /usr/sbin/rsyslogd ']'
+ '[' -f /etc/sysconfig/rsyslog ']'
+ . /etc/sysconfig/rsyslog
++ SYSLOGD_OPTIONS='-c 6'
+ umask 077
+ echo -n 'Starting system logger: '
Starting system logger: + daemon --pidfile=/var/run/syslogd.pid /usr/sbin/rsyslogd -c 6
+ local gotbase= force= nicelevel corelimit
+ local pid base= user= nice= bg= pid_file=
+ local cgroup=
+ nicelevel=0
+ '[' --pidfile=/var/run/syslogd.pid '!=' -pidfile=/var/run/syslogd.pid ']'
+ case $1 in
+ pid_file=/var/run/syslogd.pid
+ shift
+ '[' /usr/sbin/rsyslogd '!=' /usr/sbin/rsyslogd ']'
+ '[' -z '' ']'
+ base=rsyslogd
+ __pids_var_run rsyslogd /var/run/syslogd.pid
+ local base=rsyslogd
+ local pid_file=/var/run/syslogd.pid
+ pid=
+ '[' -f /var/run/syslogd.pid ']'
+ return 3
+ '[' -n '' -a -z '' ']'
+ corelimit='ulimit -S -c 0'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' color = verbose -a -z '' ']'
+ '[' -z '' ']'
+ /bin/bash -c 'ulimit -S -c 0 >/dev/null 2>&1 ; /usr/sbin/rsyslogd -c 6'
...
(hangs here for a long time)
...
+ '[' 1 -eq 0 ']'
+ failure 'rsyslogd startup'
+ local rc=1
+ '[' color '!=' verbose -a -z '' ']'
+ echo_failure
+ '[' color = color ']'
+ echo -en '\033[60G'
                                                           + echo -n '['
[+ '[' color = color ']'
+ echo -en '\033[0;31m'
+ echo -n FAILED
FAILED+ '[' color = color ']'
+ echo -en '\033[0;39m'
+ echo -n ']'
]+ echo -ne '\r'
+ return 1
+ '[' -x /usr/bin/plymouth ']'
+ /usr/bin/plymouth --details
+ return 1
+ RETVAL=1
+ echo

+ '[' 1 -eq 0 ']'
+ return 1
+ exit 1

I have tried to give 777 access to /var/run and /var/lock/subsys - but the same
thing happens...


Thanks in advance :-) !

Br.
~maymann


2012/2/2 Rainer Gerhards <rgerhards at hq.adiscon.com>

> I can only help you with that part if you point me to why exactly the script
> claims what it does. So you may want to try to find someone who can do that. I
> know this is probably a trivial question, but I don't know anything ;)
>
> Sry, rainer
>
> > -----Original Message-----
> > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> > bounces at lists.adiscon.com] On Behalf Of Michael Maymann
> > Sent: Thursday, February 02, 2012 10:03 AM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] rsyslog as non-root user
> >
> > Here is my startup script... the only thing changed is the path to the new
> > 6.3.6-rsyslog-devel binary.
> > The startup script also works perfectly when I comment out
> > PrivDropToUser+PrivDropToGroup in /etc/rsyslog.conf - but fails if I have
> > both or one of the entries...:
> > #!/bin/bash
> > #
> > # rsyslog        Starts rsyslogd/rklogd.
> > #
> > #
> > # chkconfig: 2345 12 88
> > # description: Syslog is the facility by which many daemons use to log \
> > # messages to various system log files.  It is a good idea to always \
> > # run rsyslog.
> > ### BEGIN INIT INFO
> > # Provides: $syslog
> > # Required-Start: $local_fs
> > # Required-Stop: $local_fs
> > # Default-Start:  2 3 4 5
> > # Default-Stop: 0 1 6
> > # Short-Description: Enhanced system logging and kernel message trapping daemons
> > # Description: Rsyslog is an enhanced multi-threaded syslogd supporting,
> > #              among others, MySQL, syslog/tcp, RFC 3195, permitted
> > #              sender lists, filtering on any message part, and fine
> > #              grain output format control.
> > ### END INIT INFO
> >
> > # Source function library.
> > . /etc/init.d/functions
> >
> > RETVAL=0
> > PIDFILE=/var/run/syslogd.pid
> >
> > prog=rsyslogd
> > #exec=/sbin/rsyslogd
> > exec=/usr/sbin/rsyslogd
> > lockfile=/var/lock/subsys/$prog
> >
> > start() {
> >         [ -x $exec ] || exit 5
> >
> >         # Source config
> >         if [ -f /etc/sysconfig/rsyslog ] ; then
> >                 . /etc/sysconfig/rsyslog
> >         fi
> >         umask 077
> >
> >         echo -n $"Starting system logger: "
> >         daemon --pidfile="${PIDFILE}" $exec $SYSLOGD_OPTIONS
> >         RETVAL=$?
> >         echo
> >         [ $RETVAL -eq 0 ] && touch $lockfile
> >         return $RETVAL
> > }
> > stop() {
> >         echo -n $"Shutting down system logger: "
> >         killproc $prog
> >         RETVAL=$?
> >         echo
> >         [ $RETVAL -eq 0 ] && rm -f $lockfile
> >         return $RETVAL
> > }
> > reload()  {
> >     RETVAL=1
> >     syslog=$(cat "${PIDFILE}" 2>/dev/null)
> >     echo -n "Reloading system logger..."
> >     if [ -n "${syslog}" ] && [ -e /proc/"${syslog}" ]; then
> >         kill -HUP "$syslog";
> >         RETVAL=$?
> >     fi
> >     if [ $RETVAL -ne 0 ]; then
> >         failure
> >     else
> >         success
> >     fi
> >     echo
> >     return $RETVAL
> > }
> > rhstatus() {
> >         status -p "${PIDFILE}" $prog
> > }
> > restart() {
> >         stop
> >         start
> > }
> >
> > case "$1" in
> >   start)
> >         start
> >         ;;
> >   stop)
> >         stop
> >         ;;
> >   restart)
> >         restart
> >         ;;
> >   reload|force-reload)
> >         reload
> >         ;;
> >   status)
> >         rhstatus
> >         ;;
> >   condrestart|try-restart)
> >         rhstatus >/dev/null 2>&1 || exit 0
> >         restart
> >         ;;
> >   *)
> >         echo $"Usage: $0 {start|stop|restart|condrestart|try-restart|reload|force-reload|status}"
> >         exit 2
> > esac
> >
> > exit $?
> >
> > 2012/2/2 Rainer Gerhards <rgerhards at hq.adiscon.com>
> >
> > >
> > >
> > > > -----Original Message-----
> > > > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> > > > bounces at lists.adiscon.com] On Behalf Of Michael Maymann
> > > > Sent: Wednesday, February 01, 2012 9:08 AM
> > > > To: rsyslog-users
> > > > Subject: Re: [rsyslog] rsyslog as non-root user
> > > >
> > > > Hi,
> > > >
> > > > David: thanks - got it working with permission dropping, by far my
> > > > preferred configuration... just didn't know of it...:-) !
> > > > Rainer: please let us know if the debug info of the "permission
> > > > dropping: hang+timeout" I sent you can solve anything... anyway it works now -
> > > > but not optimal if other people have to service my setup...:-) !
> > >
> > > I have reviewed the debug log and I see nothing unexpected. From the
> > > timestamps I also see that there is no hang whatsoever. So it looks like
> > > there is some problem with the startup script, which I don't know. I
> > > suggest asking what the FAILED status is caused by. We can then look at why
> > > this happens.
> > >
> > > Sorry I have no better answer...
> > > Rainer
> > >
> > > >
> > > > Thanks in advance :-) !
> > > > ~maymann
> > > >
> > > > 2012/2/1 <david at lang.hm>
> > > >
> > > > > On Tue, 31 Jan 2012, Michael Maymann wrote:
> > > > >
> > > > >> Hi,
> > > > >>
> > > > >> I have now set up a 6.3.6-devel rsyslog server that is working fine
> > > > >> running as root.
> > > > >> I would like to run it as a non-root user as my logfiles are located
> > > > >> on NFS (and root export of NFS is generally not a good idea !).
> > > > >>
> > > > >> Here is my rsyslog.conf:
> > > > >> #LOAD MODULES
> > > > >> $ModLoad imudp
> > > > >> $UDPServerRun 514
> > > > >> $UDPServerAddress 127.0.0.1
> > > > >> $ModLoad imtcp
> > > > >> $InputTCPServerRun 514
> > > > >> #SET DESTINATION FOR LOGS
> > > > >> $template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
> > > > >> $template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
> > > > >> $template DYNmaillog,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
> > > > >> $template DYNcron,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
> > > > >> $template DYNspooler,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
> > > > >> $template DYNboot,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
> > > > >> $template DYNtraps,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
> > > > >> #SET LOGGING CONDITIONS
> > > > >> if $syslogseverity <= '6' then ?DYNmessages
> > > > >> if $syslogfacility-text == 'authpriv' then ?DYNsecure
> > > > >> if $syslogfacility-text == 'mail' then ?DYNmaillog
> > > > >> if $syslogfacility-text == 'cron' then ?DYNcron
> > > > >> if $syslogseverity-text == 'crit' then ?DYNspooler
> > > > >> if $syslogfacility-text == 'local7' then ?DYNboot
> > > > >> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'WARNING' then ?DYNtraps
> > > > >>
> > > > >> Here is my logfile when I try to start rsyslog as a non-root user:
> > > > >> 2012-01-31T15:45:52.997693+02:00 <hostname> rsyslogd: [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" x-info="http://www.rsyslog.com"] start
> > > > >> 2012-01-31T15:45:52.997294+02:00 <hostname> rsyslogd: bind: Permission denied
> > > > >> 2012-01-31T15:45:52.997369+02:00 <hostname> rsyslogd: bind: Permission denied
> > > > >> 2012-01-31T15:45:52.997374+02:00 <hostname> rsyslogd: No UDP listen socket could successfully be initialized, message reception via UDP disabled.
> > > > >> 2012-01-31T15:45:52.997376+02:00 <hostname> rsyslogd: imudp: no listeners could be started, input not activated.
> > > > >> 2012-01-31T15:45:52.997379+02:00 <hostname> rsyslogd3: activation of module imudp failed [try http://www.rsyslog.com/e/-3 ]
> > > > >> 2012-01-31T15:45:52.997643+02:00 <hostname> rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]
> > > > >>
> > > > >> So permissions to bind and sockets seem to be the problem...
> > > > >>
> > > > >
> > > > > yes, you cannot bind to ports <1024 as a normal user (without making
> > > > > some other non-standard changes through sysctl)
> > > > >
> > > > >
> > > > >> 1. Is it possible to make rsyslog write logfiles as a non-root user
> > > > >> - if yes: how ?
> > > > >>
> > > > >
> > > > > permission drop features
> > > > >
> > > > >
> > > > >> 2a. Is it possible to add permissions for a non-root user to run the
> > > > >> rsyslog server - if yes: how ?
> > > > >>
> > > > >
> > > > > pick a listening port > 1024 and it should work.
> > > > >
> > > > >
> > > > >> 2b. How do I start rsyslog during boot as a non-root user - can
> > > > >> chkconfig do this ? do I need to edit /etc/init.d/rsyslog - if yes: how ?
> > > > >>
> > > > >
> > > > > su can run a command as a different user.
> > > > >
> > > > > although as Rainer points out, you may just be looking for the
> > > > > permission dropping features that are already in rsyslog.
> > > > >
> > > > > David Lang
> > > > >
> > > > > _______________________________________________
> > > > > rsyslog mailing list
> > > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > > > http://www.rsyslog.com/professional-services/
> > > > >
>
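The thread turns on two facts that David states and Michael's log confirms: a listener on a port below 1024 can only be bound by root (or after non-standard sysctl changes), and rsyslog's PrivDropToUser/PrivDropToGroup let the daemon start as root, bind, and then switch to an unprivileged user. The POSIX shell function below is an added example, not code from this thread or from the rsyslog project. It statically inspects a legacy-syntax rsyslog.conf, using the directive names quoted in the thread ($UDPServerRun, $InputTCPServerRun, $PrivDropToUser, $PrivDropToGroup), and reports which of the three situations the config is in: fully unprivileged, root-at-start-then-dropped, or root for the daemon's whole life. The sample config at the bottom is constructed with hypothetical values; the user name "syslog" is an assumption, as is the exit-code scheme. It does not diagnose the init-script FAILED status, which the thread leaves open.

```shell
#!/bin/sh
# Added example, not code from this thread or from the rsyslog project.
# Static check of a legacy-syntax rsyslog.conf for the two points the thread
# turns on: listeners on privileged ports (< 1024) and whether
# $PrivDropToUser / $PrivDropToGroup are configured.

# rsyslog_privcheck CONF
# Prints its findings and returns (exit-code scheme is this example's own):
#   0  no listener below port 1024: rsyslogd can be started directly as a
#      plain user (e.g. via su in the init script), no privilege drop needed
#   1  privileged port(s) plus privilege drop: must be started as root so
#      bind() succeeds; rsyslogd then switches to the configured user/group
#   2  privileged port(s) and no privilege drop: started as non-root it fails
#      with "bind: Permission denied"; started as root it keeps root for life
rsyslog_privcheck() {
    conf=$1

    # Listener directives in the legacy syntax used in the thread's config;
    # directive and port are whitespace separated, e.g. "$UDPServerRun 514".
    lowports=$(awk '
        ($1 == "$UDPServerRun" || $1 == "$InputTCPServerRun") &&
        $2 != "" && ($2 + 0) < 1024 { print $1 " " $2 }' "$conf")
    dropuser=$(awk '$1 == "$PrivDropToUser"  { print $2; exit }' "$conf")
    dropgroup=$(awk '$1 == "$PrivDropToGroup" { print $2; exit }' "$conf")

    if [ -n "$dropuser" ];  then echo "privilege drop to user:  $dropuser";  fi
    if [ -n "$dropgroup" ]; then echo "privilege drop to group: $dropgroup"; fi

    if [ -z "$lowports" ]; then
        echo "no listener below port 1024: can run as a plain user"
        return 0
    fi
    echo "listener(s) on privileged ports:"
    printf '%s\n' "$lowports" | sed 's/^/  /'
    if [ -n "$dropuser" ] || [ -n "$dropgroup" ]; then
        echo "start as root; rsyslogd drops privileges after binding"
        return 1
    fi
    echo "no PrivDropToUser/PrivDropToGroup: rsyslogd keeps root for its lifetime"
    return 2
}

# Constructed sample config: the thread's directives with a hypothetical
# drop user "syslog". Written to a temp file so the check runs offline.
sample=$(mktemp)
printf '%s\n' \
    '$ModLoad imudp' \
    '$UDPServerRun 514' \
    '$ModLoad imtcp' \
    '$InputTCPServerRun 514' \
    '$PrivDropToUser syslog' \
    '$PrivDropToGroup syslog' > "$sample"
rsyslog_privcheck "$sample"
echo "exit status: $?"
rm -f "$sample"
```

Run it against a real /etc/rsyslog.conf with `rsyslog_privcheck /etc/rsyslog.conf`; a status of 1 is the arrangement the thread ends up with (root only long enough to bind port 514), a status of 0 is David's alternative of a port above 1024 with no root involvement at all, and a status of 2 is the case to fix.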


