[Bug 484336] Re: /etc/rsyslog.conf permissions incorrect/missing for creation of dynamic files

Brian Candler 484336 at bugs.launchpad.net
Thu Nov 17 13:55:12 UTC 2011 

No, that's the same.

Commenting out those lines makes rsyslogd run as root (which is very
dangerous)

Setting $PrivDropToGroup adm (to match $FileGroup adm) is a less
dangerous solution to the problem, although still not ideal from a
security point of view.

Now, rsyslogd has sufficient rights to create the directory and even to
create the file with 0 byte size - but decines to append to it. strace
-f -p <pid> shows:

...
[pid 29688] access("/var/log/network/2011/11/17/rtr1-13.log", F_OK) = 0
[pid 29688] open("/var/log/network/2011/11/17/rtr1-13.log", O_WRONLY|O_CREAT|O_NOCTTY|O_APPEND|O_LARGEFILE|O_CLOEXEC, 0640) = 1
[pid 29688] fchown32(1, 101, 4)         = -1 EPERM (Operation not permitted)
...

Aha: so rsyslogd is trying to chown to syslog:adm, but it cannot because
it is running as syslog:syslog!

IMO this should be treated as a non-fatal error, as creating files owned
by syslog:syslog when running as syslog:syslog is a reasonable thing to
do.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/484336

Title:
  /etc/rsyslog.conf permissions incorrect/missing for creation of
  dynamic files

Status in “rsyslog” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: rsyslog

  When using templates to create dynamic directories and files with
  rsyslog, rsyslog can create the directories, but does not have the
  appropriate permissions to create files within them.

  By default, directories created by rsyslog are owned root:root and
  generates an error in /var/log/syslog as follows:

                      rsyslogd: Cout not open dynamic file '...' -
  discarding message

  Furthermore, adding $DirOwner and $DirGroup to match those of
  $FileOwner and $FileGroup, the setting '$PrivDropToGroup syslog'
  further prevents rsyslog from creating dynamic files.  Setting
  '$PrivDropToGroup adm' resolves this issue.

  Attached is a patch that corrects these issues.

  Rich

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/484336/+subscriptions

More information about the foundations-bugs mailing list