[rsyslog] rsyslog as non-root user

Michael Maymann michael at maymann.org
Fri Feb 3 10:28:10 CET 2012


Hi,

Rainer: Thanks for your help.

Just to understand rsyslog: should the root-owned mother-proccess be kept
alive (sounds like the right way to do things) or is the purpose that the
motherproccess dies and child proccess gets owned by init (doesn't sound
right)

If the latter: the "&" (but in background) is sufficient:
SYSLOGD_OPTIONS="-c 6 -n &"
Otherwise I think I would somehow need to start a new shell and execute the
rsyslog command with "&", e.g.:
SYSLOGD_OPTIONS="-c 6 -n"
bash -c "daemon --pidfile=\"${PIDFILE}\" $exec $SYSLOGD_OPTIONS" &

Anyone with a working PrivDropToUser
/etc/sysconfig/rsyslog+/etc/init.d/rsyslog ?


Thanks in advance :-) !

Br.
~maymann


2012/2/3 Rainer Gerhards <rgerhards at hq.adiscon.com>

> I guess you need to understand what the init scripts demand. I don't do so
> I
> better do not provide any more comments ;)
>
> rainer
>
> > -----Original Message-----
> > From: rsyslog-bounces at lists.adiscon.com [mailto:rsyslog-
> > bounces at lists.adiscon.com] On Behalf Of Michael Maymann
> > Sent: Friday, February 03, 2012 10:04 AM
> > To: rsyslog-users
> > Subject: Re: [rsyslog] rsyslog as non-root user
> >
> > Hi,
> >
> > Rainer: thanks for your reply.
> > Tried without auto-backgrounding, here is the proccesses I see:
> > root     14814 14131  0 10:43 pts/0    00:00:00 /bin/sh /sbin/service
> > rsyslog start
> > root     14819 14814  0 10:43 pts/0    00:00:00 /bin/bash
> > /etc/init.d/rsyslog start
> > root     14822 14819  0 10:43 pts/0    00:00:00 /bin/bash -c ulimit -S
> > -c 0
> > >/dev/null 2>&1 ; /usr/sbin/rsyslogd -c 6 -n
> > <PrivDropToUser> 14823 14822  0 10:43 pts/0    00:00:00
> > /usr/sbin/rsyslogd
> > -c 6 -n
> >
> > Now it doesn't seem to timeout and kill the motherproccess...:-) !
> >
> > Only thing is it doesn't return after:
> > # service rsyslog start
> >
> > I have tried adding "&" to /etc/sysconfig/rsyslog:
> > SYSLOGD_OPTIONS="-c 6 -n &"
> > but again this kill the motherproccess... and my guess is the root-
> > owned
> > motherproccess should continue to be there - right ?
> >
> > Any idea how to implement this properly ?
> >
> >
> > Thanks in advance :-) !
> > ~maymann
> >
> >
> > 2012/2/3 Rainer Gerhards <rgerhards at hq.adiscon.com>
> >
> > > > > I have attached debug info both when PrivDropTo is enabled and
> > > > > disabled.
> > > > > Only difference I can see is the 5 minutes it takes for the
> > > > > PrivDropTo_enabled run to timeout (motherproccess dies and
> > > > > childproccess
> > > > > thereby gets owned by init)...
> > > >
> > > > Ah, it looks like you use auto-backgrounding (which is the default
> > due
> > > > to
> > > > historical reasons). You can disable that via -n. I don't know if
> > the
> > > > init
> > > > script expects auto-backgrounding or not...
> > >
> > > I should add: if auto-backgrounding is used, the parent process is
> > just a
> > > shim to start the actual instance (the child). It then waits some
> > time on
> > > the
> > > child until it is sure it has started (I haven't visited that code
> > for many
> > > years...). So it is expected that the parent terminates after a while
> > (and
> > > I
> > > think-but do not know right now- that this may take some minutes).
> > >
> > > Suggest: try without auto-backgrouning so that we know if the problem
> > is
> > > related to that Feature.
> > >
> > > rainer
> > > _______________________________________________
> > > rsyslog mailing list
> > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > http://www.rsyslog.com/professional-services/
> > >
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
>



More information about the rsyslog mailing list