Thanks for the privdrop hint. After finding the rsyslog doc I decided
to keep the benefits of privdrop. I'm testing tweaking the perms of
the initial log file and attempting to make logrotate play nicely with
rsyslog.

$ cat /etc/logrotate.d/testvan
/srv/sdrop/xfer/log/testvan.log {
        rotate 7
        missingok
        notifempty
        size 500k
        delaycompress
        compress
        create 0460 xfer adm
        postrotate
                reload rsyslog >/dev/null 2>&1 || true
        endscript
}
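Added example, not part of the thread: a POSIX shell check that a log such as testvan.log ended up with the owner, group and mode requested (by the omfile `fileOwner`/`fileGroup`/`fileCreateMode` options or by logrotate's `create MODE OWNER GROUP`), and that the user rsyslog drops privileges to can still write it, either as the owner or through group membership (here syslog writes via adm while xfer only reads). It assumes GNU stat(1); the user, group and path names are sample values taken from the thread.

```sh
# Added example (not from the thread). Assumes GNU stat(1).

# file_perms PATH -> prints "owner group mode" (mode in octal, no leading zero)
file_perms() {
    stat -c '%U %G %a' "$1"
}

# user_in_group USER GROUP -> 0 if USER is in GROUP (primary or supplementary)
user_in_group() {
    for g in $(id -Gn "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# mode_digit MODE WHICH -> the octal digit for WHICH (u or g) of a mode like 460
mode_digit() {
    m=$1
    case $2 in
        g) m=${m%?} ;;             # drop "other" digit; group digit is now last
        u) m=${m%?}; m=${m%?} ;;   # drop "other" and "group"; user digit is last
    esac
    d=${m#"${m%?}"}                # keep only the last remaining character
    printf '%s' "${d:-0}"
}

# check_log PATH OWNER GROUP MODE WRITER -> 0 only if PATH is OWNER:GROUP with
# MODE and WRITER has a write bit, as the owner or through membership of GROUP
check_log() {
    path=$1 owner=$2 group=$3 mode=$4 writer=$5
    actual=$(file_perms "$path") || return 1
    if [ "$actual" != "$owner $group $mode" ]; then
        echo "$path: got '$actual', wanted '$owner $group $mode'" >&2
        return 1
    fi
    if [ "$writer" = "$owner" ] && [ $(( $(mode_digit "$mode" u) & 2 )) -ne 0 ]; then
        return 0
    fi
    if user_in_group "$writer" "$group" && [ $(( $(mode_digit "$mode" g) & 2 )) -ne 0 ]; then
        return 0
    fi
    echo "$path: $writer has no write bit (mode $mode, $owner:$group)" >&2
    return 1
}

# The thread's intended layout: xfer owns the file read-only, syslog (in adm) writes.
# check_log /srv/sdrop/xfer/log/testvan.log xfer adm 460 syslog
```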

On Sun, Aug 17, 2014 at 7:47 PM, David Lang <[email protected]> wrote:
> Try eliminating the privdrop, that can have some 'interesting' interactions
> with permissions.
>
> David Lang
>
>
> On Sun, 17 Aug 2014, Jon wrote:
>
>> On an Ubuntu Server 14.04.1 64bit install, I am not able to persuade
>> rsyslog to create a custom log with correct user and group
>> ownership.
>>
>> The resulting log file (testvan.log) has correct content but has
>> `syslog:syslog`
>> ownership rather than `xfer:adm` ownership as requested via `action(...)`
>> in my custom config shown below.
>>
>> $ ll -d /srv/sdrop/xfer/log
>> drwxrwxr-x 2 xfer adm 4096 2014-08-16 13:24:42 /srv/sdrop/xfer/log/
>>
>>
>> $ ll /srv/sdrop/xfer/log
>> -rw-r----- 1 syslog syslog  61 2014-08-16 13:24:42 testvan.log
>>
>>
>> I suspect this is my problem rather than rsyslog's but have been
>> unable to resolve. What am I doing wrong?
>>
>>
>>
>> === ENVIRONMENT and CONFIG ===
>>
>> $ uname -a
>> Linux tester 3.13.0-34-generic #60-Ubuntu SMP Wed Aug 13 15:45:27 UTC
>> 2014 x86_64 x86_64 x86_64 GNU/Linux
>>
>>
>> $ rsyslogd -N1
>> rsyslogd: version 7.4.4, config validation run (level 1), master
>> config /etc/rsyslog.conf
>> rsyslogd: End of config validation run. Bye.
>> $ echo $?
>> 0
>>
>>
>> $ cat /etc/rsyslog.conf
>> ...SNIP...
>> # Set the default permissions for all log files.
>> #
>> $FileOwner syslog
>> $FileGroup adm
>> $FileCreateMode 0640
>> $DirCreateMode 0755
>> $Umask 0022
>> $PrivDropToUser syslog
>> $PrivDropToGroup syslog
>> ...SNIP...
>> # Include all config files in /etc/rsyslog.d/
>> #
>> $IncludeConfig /etc/rsyslog.d/*.conf
>>
>>
>> $ cat /etc/rsyslog.d/50-default.conf
>> ...SNIP...
>> *.*;auth,authpriv.none,local3.none              -/var/log/syslog
>> ...SNIP...
>>
>>
>> # my custom rsyslog configuration to create
>> # `/srv/sdrop/xfer/log/testvan.log` content
>> # when scripted similar to `logger -p local3.info "my custom log message"`
>> $ cat /etc/rsyslog.d/40-testvan.conf
>> template(name="testvan" type="string"
>> string="[%timegenerated:::date-rfc3339%] %syslogtag%%msg%\n")
>> local3.*    action(type="omfile"
>> file="/srv/sdrop/xfer/log/testvan.log" template="testvan"
>> fileCreateMode="0640" fileOwner="xfer" fileGroup="adm")
>>
>>
>> $ cat /etc/passwd | grep -E '\badm|\bsyslog|\bxfer'
>> syslog:x:101:103::/home/syslog:/bin/false
>> xfer:x:1002:1003::/srv/sdrop/xfer:/usr/sbin/nologin
>>
>>
>> $ cat /etc/group | grep -E '\badm|\bsyslog|\bxfer'
>> adm:x:4:jon,syslog
>> syslog:x:103:
>> xfer:x:1003:
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
>> LIKE THAT.
>>