The right approach is to use the permission drop features of rsyslog to make
it itself run as non-root. In v6, it will run as root only to open critical
things (like the UDP ports) and then drops privileges (in a way that never
can be undone without a full restart).

HTH
Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Michael Maymann
> Sent: Tuesday, January 31, 2012 3:02 PM
> To: [email protected]
> Subject: [rsyslog] rsyslog as non-root user
> 
> Hi,
> 
> I have now set up a 6.3.6-devel rsyslog server that is working fine running as
> root.
> I would like to run it as a non-root user as my logfiles are located on NFS (and
> root export of NFS is generally not a good idea !).
> 
> Here is my rsyslog.conf:
> #LOAD MODULES
> $ModLoad imudp
> # $UDPServerAddress only applies to the $UDPServerRun that follows it
> $UDPServerAddress 127.0.0.1
> $UDPServerRun 514
> $ModLoad imtcp
> $InputTCPServerRun 514
> #SET DESTINATION FOR LOGS
> $template DYNmessages,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
> $template DYNsecure,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_secure"
> $template DYNmaillog,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_maillog"
> $template DYNcron,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_cron"
> $template DYNspooler,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_spooler"
> $template DYNboot,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_boot.log"
> $template DYNtraps,"<PATH_TO>/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_traps"
> #SET LOGGING CONDITIONS
> if $syslogseverity <= '6' then ?DYNmessages
> if $syslogfacility-text == 'authpriv' then ?DYNsecure
> if $syslogfacility-text == 'mail' then ?DYNmaillog
> if $syslogfacility-text == 'cron' then ?DYNcron
> if $syslogseverity-text == 'crit' then ?DYNspooler
> if $syslogfacility-text == 'local7' then ?DYNboot
> # severity text values are lowercase ('warning'), 'WARNING' never matches
> if $syslogfacility-text == 'local6' and $syslogseverity-text == 'warning' then ?DYNtraps
> 
> Here is my logfile when I try to start rsyslog as a non-root user:
> 2012-01-31T15:45:52.997693+02:00 <hostname> rsyslogd: [origin software="rsyslogd" swVersion="6.3.6" x-pid="26185" x-info="http://www.rsyslog.com";] start
> 2012-01-31T15:45:52.997294+02:00 <hostname> rsyslogd: bind: Permission denied
> 2012-01-31T15:45:52.997369+02:00 <hostname> rsyslogd: bind: Permission denied
> 2012-01-31T15:45:52.997374+02:00 <hostname> rsyslogd: No UDP listen socket could successfully be initialized, message reception via UDP disabled.
> 2012-01-31T15:45:52.997376+02:00 <hostname> rsyslogd: imudp: no listeners could be started, input not activated.
> 2012-01-31T15:45:52.997379+02:00 <hostname> rsyslogd3: activation of module imudp failed [try http://www.rsyslog.com/e/-3 ]
> 2012-01-31T15:45:52.997643+02:00 <hostname> rsyslogd-2077: Could not create tcp listener, ignoring port 514. [try http://www.rsyslog.com/e/2077 ]
> 
> So permissions to bind and sockets seem to be the problem...
> 
> 1. Is it possible to make rsyslog write logfiles as a non-root user - if yes: how ?
> 2a. Is it possible to add permissions for a non-root user to run the rsyslog server - if yes: how ?
> 2b. How do I start rsyslog during boot as a non-root user - can chkconfig do this ? do I need to edit /etc/init.d/rsyslog - if yes: how ?
> 
> 
> Thanks in advance :-) !
> ~maymann
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
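Added example, not code from either message or from the rsyslog project: the configuration Rainer's answer points at (init keeps starting rsyslogd as root, root binds the two port-514 listeners, then the daemon drops to an unprivileged account) next to the plain non-root start the original poster tried, and a small audit that confirms from the process's own status file that the drop happened. The account `syslog` and the directory `/var/log/remote` are placeholders; `$PrivDropToUser`, `$PrivDropToGroup`, `$DirOwner`, `$DirGroup`, `$FileOwner`, `$FileGroup`, `$DirCreateMode` and `$FileCreateMode` are rsyslog legacy config directives. The status files are constructed to stand in for `/proc/<pid>/status`.

```shell
#!/bin/sh
# Added example (not from the thread or the rsyslog project).
# Assumptions: "syslog" and /var/log/remote are placeholders; the $PrivDropTo*,
# $DirOwner/$DirGroup, $FileOwner/$FileGroup and $*CreateMode directives are
# rsyslog legacy config directives.

# --- Hardened configuration: root binds the ports, then drops to "syslog" ----
PRIVDROP_CONF=$(mktemp)
cat > "$PRIVDROP_CONF" <<'EOF'
# rsyslogd is still started by init as root; root is only needed to bind the
# privileged ports below, everything afterwards runs as "syslog".
$ModLoad imudp
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514

# Dynafile directories and files are created for the unprivileged user, so an
# NFS export with root_squash never sees root-owned writes.
$DirOwner syslog
$DirGroup syslog
$DirCreateMode 0750
$FileOwner syslog
$FileGroup syslog
$FileCreateMode 0640

# Drop privileges once the listeners are open; this cannot be reverted
# without restarting the daemon.
$PrivDropToUser syslog
$PrivDropToGroup syslog

$template DYNmessages,"/var/log/remote/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
if $syslogseverity <= '6' then ?DYNmessages
EOF

# --- Weak variant: same listeners, no privilege drop --------------------------
# Started as root it stays root for its whole lifetime; started as a non-root
# user it cannot bind 514/udp or 514/tcp at all ("bind: Permission denied").
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$template DYNmessages,"/var/log/remote/%FROMHOST%/%FROMHOST%_%$YEAR%.%$MONTH%_messages"
if $syslogseverity <= '6' then ?DYNmessages
EOF

# True when the config names both a drop user and a drop group (by name or id).
privdrop_configured() {
    grep -Eq '^\$PrivDropToUser(ID)?[[:space:]]' "$1" &&
    grep -Eq '^\$PrivDropToGroup(ID)?[[:space:]]' "$1"
}

# Effective uid from a /proc/<pid>/status file. The "Uid:" line carries the
# real, effective, saved and filesystem uid; the path is a parameter so the
# same check runs against a saved copy or against the live daemon.
effective_uid() {
    awk '/^Uid:/ { print $3; exit }' "$1"
}

# True when the process described by the status file runs without root.
runs_unprivileged() {
    uid=$(effective_uid "$1")
    [ -n "$uid" ] && [ "$uid" -ne 0 ]
}

# Constructed status files standing in for /proc/<pid>/status. After a
# successful drop all four uids are the unprivileged one: no saved root uid
# is left to switch back to, which is why the drop is final until a restart.
DROPPED_STATUS=$(mktemp)
printf 'Name:\trsyslogd\nUid:\t104\t104\t104\t104\nGid:\t108\t108\t108\t108\n' > "$DROPPED_STATUS"
ROOT_STATUS=$(mktemp)
printf 'Name:\trsyslogd\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n' > "$ROOT_STATUS"

for conf in "$PRIVDROP_CONF" "$WEAK_CONF"; do
    if privdrop_configured "$conf"; then
        echo "$conf: privilege drop configured"
    else
        echo "$conf: no privilege drop, daemon would keep root"
    fi
done
for status in "$DROPPED_STATUS" "$ROOT_STATUS"; do
    if runs_unprivileged "$status"; then
        echo "$status: running as uid $(effective_uid "$status")"
    else
        echo "$status: still running as root"
    fi
done
```

On the real host the same functions audit the running service: `runs_unprivileged "/proc/$(pidof rsyslogd)/status"` after a restart, and `ss -lnptu` to confirm the 514/udp and 514/tcp sockets were opened before the drop. This also answers the init question in the thread: the init script keeps starting rsyslogd as root, and the drop is done by the daemon itself from the configuration, not by changing the account the service starts under.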