9

I'm trying to change the owner and group of a log to a different user than what is is rsyslog.conf, which has:

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

I have a custom .conf file in /etc/rsyslog.d/99-custom.conf which consists of:

#Set the ownership to xxxxx
#$FileOwner xxxxx

# Send datastore logs to separate file

if $programname == 'datastore' then {
    action(
        type="omfile"
        FileCreateMode="0644"
        FileGroup="xxxxx"
        FileOwner="xxxxx"
        File="/var/log/folder/datastore.log"
    )
#/var/log/folder/datastore.log
~
}

#$FileOwner xxxxx
local6.*                -/var/log/folder/datastore.log
local6.notice           -/var/log/folder/notice.log

#Reset file ownership to root
#$FileOwner root

I have tried the old and new syntax but the permissions will read:

-rw-r--r--  1 syslog syslog  263 Nov  8 15:40 datastore.log

Only when I set the $PrivDropToUser and $PrivDropToGroup to root it comes out as:

-rw-r--r--  1 xxxxx xxxxx  263 Nov  8 15:45 datastore.log

Any ideas why??

Andy
  • 91
  • 1
  • 1
  • 3

1 Answers1

5

According to this documentation page, the PrivDropToUser and PrivDropToGroup directives tell rsyslog which user/group to become after initial startup. I would hypothesize that the syslog user doesn't have adequate permissions to create files as other users, while root does.

From my reading of the above page, I think the intent is that if you want your log files owned by a lower-level user, you would put that user in ProvDropToUser; e.g. $PrivDropToUser xxxxx $PrivDropToGroup xxxxx.

You also need to ensure that the folder your log files are meant to be written in allows write access by the user from PrivDropToUser or group from PrivDropToGroup.

I found this page trying to find out how to make my web app's log files readable by my app, and thought I'd share what I've found since there's no answer. I'm no expert though.

Thank you for your question, it helped me find my own answer.

Kamil Maciorowski
  • 69,815
  • 22
  • 136
  • 202
Joe Carey
  • 51
  • 1
  • 3