It is important to know that the PrivDrop directive set was a quick and dirty "let's implement it as far as possible, some is better than nothing" approach. It is expected that a couple of things break if it is used. Of course, if the user has proper rights, what you intend to do should work. I just wanted to alert you to the state of this feature (a mailing list search probably brings up more, but I have no time right now to do this).
Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Henry
> Sent: Tuesday, September 08, 2009 12:42 PM
> To: rsyslog-users
> Subject: Re: [rsyslog] Could not open dynamic file ... - discarding message
>
> The file (and folder) are created by the syslog user and definitely
> accessible.
>
> But it works if I don't drop privileges. So I'll investigate this
> further and report back.
>
> Thanks for pushing me that far.
>
> --
> regard, Henry
>
>
> On Di, 2009-09-08 at 12:30 +0200, Rainer Gerhards wrote:
> > Hi,
> >
> > I got the debug log, it was too big to be sent via the list (but I got it as
> > list admin). I see that you drop privileges to the user "syslog". This
> > probably explains what happens. I think the file is created before you drop
> > privileges, but can then no longer be written when running in the new
> > security context. Could you verify that the user "syslog" can access this
> > file? Also, could you temporarily remove the Privilege drop?
> >
> > Thanks,
> > Rainer
> >
> > > -----Original Message-----
> > > From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Rainer Gerhards
> > > Sent: Tuesday, September 08, 2009 9:55 AM
> > > To: rsyslog-users
> > > Subject: Re: [rsyslog] Could not open dynamic file ... - discarding message
> > >
> > > can you provide a debug log?
> > >
> > > > -----Original Message-----
> > > > From: [email protected] [mailto:rsyslog-[email protected]] On Behalf Of Henry
> > > > Sent: Tuesday, September 08, 2009 9:04 AM
> > > > To: rsyslog-users
> > > > Subject: Re: [rsyslog] Could not open dynamic file ... - discarding message
> > > >
> > > > Hello!
> > > >
> > > > Tried it with various log locations (e.g. /tmp/my.log), neither worked.
> > > > Is this worth a bug?
> > > >
> > > > --
> > > > kind regards, Henry
> > > >
> > > > On Fr, 2009-09-04 at 21:25 +0200, Henry wrote:
> > > > > Hi!
> > > > >
> > > > > This puzzles me: This is my tcprecieve config file for rsyslog v4 on
> > > > > ubuntu:
> > > > >
> > > > > -----8<-----
> > > > > $ModLoad imtcp
> > > > > $InputTCPServerRun 514
> > > > >
> > > > > # some dynamic templates
> > > > > $template DYNlocal1,"/var/log/remote/%HOSTNAME%/local1.log"
> > > > >
> > > > > # log remote local1 to dynamic directory
> > > > > if $fromhost-ip != '127.0.0.1' and \
> > > > > $syslogfacility-text == 'local1' \
> > > > > then -?DYNlocal1
> > > > > ----->8-----
> > > > >
> > > > > I created /var/log/remote with sufficient privileges.
> > > > >
> > > > > Unfortunately this doesn't work. rsyslog creates a folder named after the
> > > > > remote host (myhostname) and creates the file local1.log (again:
> > > > > sufficient permissions: syslog:syslog 640). But it doesn't write to that
> > > > > file, but logs the error:
> > > > >
> > > > > -----8<-----
> > > > > Could not open dynamic file '/var/log/remote/myhostname/local1.log' -
> > > > > discarding message
> > > > > ----->8-----
> > > > >
> > > > > As you might guess my question is: Why isn't rsyslog able to open a file
> > > > > it is able to create? Any help or hint is really appreciated.
> > > > >
> > > >
> > > > _______________________________________________
> > > > rsyslog mailing list
> > > > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > > > http://www.rsyslog.com
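The thread asks whether the user "syslog" can access the file once privileges are dropped. The following is an added example, not part of the thread and not rsyslog code: a check that walks every path component and reports the first one whose mode bits would stop a given uid from writing. The function name `first_denial` and the `base` parameter are hypothetical, and only classic owner/group/other bits are evaluated; ACLs and mandatory access control policy are outside its scope.

```python
import os

W, X = 2, 1  # write and search/execute bits within one permission triplet

def _allowed(st, uid, gids, want):
    """Classic Unix mode-bit check for a hypothetical uid and group set."""
    if uid == 0:
        return True  # root bypasses these checks
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7      # owner triplet
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7      # group triplet
    else:
        bits = st.st_mode & 7             # other triplet
    return (bits & want) == want

def first_denial(path, uid, gids, base="/"):
    """Return (component, reason) for the first obstacle that stops uid from
    writing to path, checking every component below base, or None."""
    cur = base
    parts = os.path.relpath(path, base).split(os.sep)
    for i, name in enumerate(parts):
        parent, cur = cur, os.path.join(cur, name)
        try:
            st = os.stat(cur)
        except FileNotFoundError:
            # Not there yet: creating it needs write+search on the parent.
            if not _allowed(os.stat(parent), uid, gids, W | X):
                return parent, "cannot create entries in directory"
            return None
        if i == len(parts) - 1:
            if not _allowed(st, uid, gids, W):
                return cur, "no write permission on file"
        elif not _allowed(st, uid, gids, X):
            return cur, "no search permission on directory"
    return None

if __name__ == "__main__":
    import pwd, sys
    # e.g. check.py syslog /var/log/remote/myhostname/local1.log
    user, target = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    groups = set(os.getgrouplist(user, pw.pw_gid))
    print(first_denial(target, pw.pw_uid, groups) or "mode bits allow the write")
```

Run it as root so that `os.stat` itself can reach every component; the uid and groups being evaluated are those of the user named on the command line, not of the caller.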

