Unable to run syslog-ng 3.0.4 as non-root on solaris 10
Hi,

Yesterday I upgraded syslog-ng on our central log server from 2.0.5 to 3.0.4. The OS is Solaris 10. Prior to the upgrade I was able to run syslog-ng as a non-root user with the following command:

    /usr/local/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -u syslogng -g syslogng -p /etc/syslog-ng/syslog-ng.pid

After the upgrade I get the following error using the same command:

    Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Permission denied (13)'
    Error initializing source driver; source='gateway', id='gateway#0'
    Error initializing message pipeline;

If I remove the -u and -g arguments the daemon runs without issues. Same physical server, OS, and user account prior to the upgrade. I tried the verbose and debug arguments when starting syslog-ng, but only get the above error. The syslog.conf file is posted below. I compiled from source using the following options:

    ./configure --enable-debug --disable-ipv6 --enable-dynamic-linking --enable-pcre --enable-ssl --disable-glibtest --disable-tcp-wrapper

Thanks,
Jeff

*******************************
/usr/local/sbin/syslog-ng --version
*******************************
    Compile-Date: Aug 13 2009 16:25:43
    Enable-Threads: off
    Enable-Debug: on
    Enable-GProf: off
    Enable-Memtrace: off
    Enable-Sun-STREAMS: on
    Enable-Sun-Door: on
    Enable-IPv6: off
    Enable-Spoof-Source: off
    Enable-TCP-Wrapper: off
    Enable-SSL: on
    Enable-SQL: off
    Enable-Linux-Caps: off
    Enable-Pcre: on

*****************************
syslog-ng.conf
*****************************
    @version:3.0
    #
    #
    options {
        use_dns(persist_only);
        dns_cache_hosts(/etc/hosts);
        keep_hostname(yes);
        check_hostname(yes);
        #normalize_hostnames(yes);
        stats_freq(3600);
        log_fifo_size(2000);
        flush_lines(5);
        bad_hostname(Corrupt);
        bad_hostname(disk);
        bad_hostname(drive);
    };

    # local for messages coming in locally
    source local {
        sun-streams("/dev/log" door("/etc/.syslog_door"));
        internal();
    };

    # Gateway for UDP Syslog messages. This is the default
    source gateway {
        udp(ip("0.0.0.0") port(514));
    };

    template default_template {
        template("$DATE $HOST $PROGRAM[$PID]: $MESSAGE\n");
        template_escape(no);
    };

    # Where to write the incoming log files to.
    destination hosts {
        file("/opt/log/clients/new_clients/$HOST/$YEAR-$MONTH-$DAY.$FACILITY"
            owner(syslogng) group(syslogng) perm(0644)
            dir_perm(0755) dir_group(syslogng) dir_owner(syslogng)
            create_dirs(yes) template (default_template));
    };

    destination backuphost1 { tcp("xxx.xxx.xxx.xxx" port(1468)); };
    destination backuphost2 { udp("xxx.xxx.xxx.xxx " port(514)); };

    filter Windows_filter {
        program(MSWinEventLog)
        and match("Name: Installer" value("$MESSAGE") flags("ignore-case"))
        or match("Name: MGLdap" value("$MESSAGE") flags("ignore-case"))
        or match("Special privileges assigned to new logon" value("$MESSAGE"))
        or match("Authentication Ticket Request" value("$MESSAGE"))
        or match("Process: Kerberos" value("$MESSAGE"));
    };

    filter RSS_filter {
        match("Bad protocol version" value("$MESSAGE"))
        or match("Did not receive identification string" value("$MESSAGE"))
        or facility(user);
    };

    log { source(gateway); filter(Windows_filter); flags(final); };
    log { source(gateway); filter(RSS_filter); flags(final); };
    log { source(gateway); destination(hosts); destination(backuphost1); };
    log { source(local); destination(hosts); destination(backuphost1); destination(backuphost2); };

Hi,

On Fri, Aug 14, 2009 at 3:20 PM, Jeffrey Psolla <JPsolla@pscufs.com> wrote:
> Hi,
>
> Yesterday I upgraded syslog-ng on our central log server from 2.0.5 to 3.0.4. The OS is Solaris 10. Prior to the upgrade I was able to run syslog-ng as a non-root user with the following command:
>
> /usr/local/sbin/syslog-ng -f /etc/syslog-ng/syslog-ng.conf -u syslogng -g syslogng -p /etc/syslog-ng/syslog-ng.pid
>
> After the upgrade I get the following error using the same command:
>
> Error binding socket; addr='AF_INET(0.0.0.0:514)', error='Permission denied (13)'

Are you sure you were running syslog-ng in the past with *exactly the same* configuration? Traditionally on unix systems ports 1-1023 are reserved so non-privileged processes can't bind to these. BTW is the port unused?

Regards,
Sandor

Hi All!

On Fri, 2009-08-14 at 09:20 -0400, Jeffrey Psolla wrote:
> Yesterday I upgraded syslog-ng on our central log server from 2.0.5 to 3.0.4. The OS is Solaris 10. Prior to the upgrade I was able to run syslog-ng as a non-root user with the following command:

syslog-ng versions before 3.0 open the source files before the uid changes. But that would cause a problem when syslog-ng is reloading, because by that time the root privileges have already been dropped, so syslog-ng cannot reopen the files.

Because of this Bazsi changed the order. So you have no mysterious error when reloading syslog-ng but a clear message at starting time.

The problematic file is the door file, which stays in the /etc directory where non-root programs cannot write (create and/or delete files).

So I think that it's not possible to run syslog-ng as non-root user on Solaris now.

On Mon, 2009-08-17 at 12:05 +0200, SZALAY Attila wrote:
> Hi All!
>
> On Fri, 2009-08-14 at 09:20 -0400, Jeffrey Psolla wrote:
> > Yesterday I upgraded syslog-ng on our central log server from 2.0.5 to 3.0.4. The OS is Solaris 10. Prior to the upgrade I was able to run syslog-ng as a non-root user with the following command:
>
> syslog-ng versions before 3.0 open the source files before the uid changes. But that would cause a problem when syslog-ng is reloading, because by that time the root privileges have already been dropped, so syslog-ng cannot reopen the files.

Just to clarify, but Sasa is right here: syslog-ng 2.1 and before initialized the configuration right _before_ changing the user/group setting. However this means that whenever you reload the configuration with a SIGHUP, you'll get a problem and you can only restart syslog-ng.

Thus, syslog-ng 3.0 changed this, we change user/group setting _before_ initializing the configuration file.

However I see no easy way out, unless you also sacrifice configuration reloads. I might add a --delay-setuid command line option, if you are willing to sacrifice reloads. Are you?

> Because of this Bazsi changed the order. So you have no mysterious error when reloading syslog-ng but a clear message at starting time.
>
> The problematic file is the door file, which stays in the /etc directory where non-root programs cannot write (create and/or delete files).
>
> So I think that it's not possible to run syslog-ng as non-root user on Solaris now.

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html

-- Bazsi
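
The two startup orders discussed in this thread, as an added C example that is not part of any message above and is not syslog-ng source code. The function names are hypothetical, and port 514 with the caller's own uid/gid are sample values; run it as an unprivileged user to see the same "Permission denied" as the 3.0.4 error.

```c
/* Added illustration (not syslog-ng source): startup order vs. a port below 1024. */
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum order { BIND_THEN_DROP, DROP_THEN_BIND };  /* 2.x-style vs 3.0-style */

/* Bind a UDP socket on 0.0.0.0:port; returns the fd, or -errno on failure. */
static int bind_udp(unsigned short port) {
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -errno;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) return fd;
    int e = errno;
    close(fd);
    return -e;
}

/* Drop to uid/gid: groups, then gid, then uid. Returns 0 or -errno. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) < 0) return -errno;
    if (setgid(gid) < 0 || setuid(uid) < 0) return -errno;
    if (uid != 0 && setuid(0) == 0) return -EPERM;  /* root must not be recoverable */
    return 0;
}

/* Start the listener in the given order; returns the fd, or -errno. */
static int start_listener(enum order o, unsigned short port, uid_t uid, gid_t gid) {
    int fd, rc;
    if (o == DROP_THEN_BIND)     /* 3.0: non-root uid + port below 1024 gives EACCES */
        return (rc = drop_privileges(uid, gid)) < 0 ? rc : bind_udp(port);
    if ((fd = bind_udp(port)) < 0) return fd;
    if ((rc = drop_privileges(uid, gid)) < 0) { close(fd); return rc; }
    return fd;                   /* 2.x: fd survives, but a reload cannot rebind it */
}

int main(void) {                 /* port 514 and the caller's own ids are sample values */
    int fd = start_listener(DROP_THEN_BIND, 514, getuid(), getgid());
    printf("drop-then-bind on 514: %s\n", fd < 0 ? strerror(-fd) : "bound");
    return 0;
}
```

With `BIND_THEN_DROP` the descriptor stays usable after the uid change, which is why the 2.0.5 command line worked at startup while a later SIGHUP reload could not reopen the same source.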
participants (4)
- Balazs Scheidler
- Jeffrey Psolla
- Sandor Geller
- SZALAY Attila