<div dir="ltr">Hello Marco,<div> I tested the settings with docker, and the following configuration worked for me.</div><div><br></div><div> Created a test user/group on my <b>host</b> machine:</div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><font color="#0000ff">$useradd -M -u 1500 marco</font></div></blockquote><br><div> Started a docker container:</div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><font color="#0000ff">$docker run -it --network=host -v /tmp/marco:/tmp/marco balabit/syslog-ng-xenial bash</font></div></blockquote><div><br></div><div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br class="gmail-Apple-interchange-newline">Input:</div><blockquote style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial;margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font color="#0000ff">$cat marco_in.txt </font></div></div><div><div><font color="#0000ff">Hello World!</font></div></div></blockquote><br></div><div> Configuration:</div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font color="#0000ff">$cat marco.conf</font></div></div><div><div><font color="#0000ff">@version: 3.14</font></div></div><div><div><font color="#0000ff"><br></font></div></div><div><div><font color="#0000ff">@include "scl.conf"</font></div></div><div><div><font color="#0000ff"><br></font></div></div><div><div><font color="#0000ff">source s_local {</font></div></div><div><div><font color="#0000ff"><span style="white-space:pre"> </span>file(</font></div></div><div><div><font color="#0000ff"><span style="white-space:pre"> </span>"/tmp/marco/marco_in.txt"</font></div></div><div><div><font color="#0000ff"><span style="white-space:pre"> </span>flags(no-parse)</font></div></div><div><div><font color="#0000ff"><span style="white-space:pre"> </span>);</font></div></div><div><div><font color="#0000ff">};</font></div></div><div><div><font color="#0000ff"><br></font></div></div><div><div><font color="#0000ff"><br></font></div></div><div><div><font color="#0000ff">destination d_logs {</font></div></div><div><div><font color="#0000ff"><span style="white-space:pre"> </span>file(</font></div></div><div><div><font color="#0000ff"><span style="white-space:pre"> </span>"/tmp/marco/marco_out.txt"</font></div></div><div><div><font color="#0000ff"><span style="white-space:pre"> </span>owner(1500)</font></div></div><div><div><font color="#0000ff"><span style="white-space:pre"> </span>group(1500)</font></div></div><div><div><font color="#0000ff"><span style="white-space:pre"> </span>perm(0200)</font></div></div><div><div><font color="#0000ff"><span style="white-space:pre"> </span>);</font></div></div><div><div><font color="#0000ff">};</font></div></div><div><div><font color="#0000ff"><br></font></div></div><div><div><font color="#0000ff"><br></font></div></div><div><div><font color="#0000ff">log { </font></div></div><div><div><font color="#0000ff"><span style="white-space:pre"> </span>source(s_local);</font></div></div><div><div><font color="#0000ff"><span style="white-space:pre"> </span>destination(d_logs);</font></div></div><div><div><font color="#0000ff">};</font></div></div></blockquote><div><br></div><div>Running syslog-ng:</div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><font color="#0000ff">root@tp:/tmp/marco# syslog-ng -Fdev -f marco.conf </font></div></blockquote><div><br></div><div>ls -hal on the host machine:</div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font color="#0000ff">--w------- 1 marco marco 32 márc 2 13:15 marco_out.txt</font></div></div></blockquote><div><br></div><div>Output on the <b>host</b>:</div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><div><font color="#0000ff">$cat marco_out.txt </font></div></div><div><div><font color="#0000ff">cat: marco_out.txt: Permission denied</font></div></div></blockquote><div><br></div><div><div>Output on the <b>host</b>:</div></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><div><font color="#0000ff">$ sudo cat marco_out.txt </font></div></div><div><div><font color="#0000ff">Mar 2 12:15:01 tp Hello World!</font></div></div></blockquote><div><br></div><div><br></div><div><br></div><div>Note:</div><div> I used the UID and the GID in the syslog-ng configuration file since there is no such user/group inside my</div><div> docker container. I also tested a scenario where I use the username/groupname of the external user, but</div><div> of course in this case I have to create them with the same ID inside my container. (If I remember correctly</div><div> docker provides some basic mapping between external/internal users, but I am not sure about it.)</div><div><br></div><div><br></div><div>Br,</div><div>Laci</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 1, 2018 at 7:16 PM, Marco Mignone <span dir="ltr"><<a href="mailto:info@marcomignone.com" target="_blank">info@marcomignone.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
Just to add on this topic, I noticed that when using the docker container all the files and folders gets a permission of root:root despite of what's in the global config options (I guess because the container by default starts with the root user).<br>
<br>
Did you have any experience with this and do you know how to allow syslog-ng to set the users/groups as per the config options specified?<br>
<br>
Thanks and sorry if this is slightly off topic... but not that much in effect.<br>
<br>
Thanks,<br>
Marco<br>
<div class="HOEnZb"><div class="h5"><br>
______________________________<wbr>______________________________<wbr>__________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>
<br>
</div></div></blockquote></div><br></div>