Bug#429243: stopped working, SSH stopped logging failures!
On Wed, 2009-09-02 at 16:10 +0200, Gabor Gombas wrote:
> On Wed, Sep 02, 2009 at 02:30:11PM +0100, Colin Watson wrote:
>
> > > Maybe a better option would be to let rsyslog automatically create the
> > > directory for the socket if it is missing?
> >
> > If it created the socket itself as well, then that might do the job.
> > We'd need to make sure permissions were consistent.
>
> IMHO there are three cases to consider:
>
> - A package wants to specify a location that is supposed to be
> non-volatile. In this case the directory is owned by the package,
> and there is no need to auto-create. This is the case for e.g.
> postfix.
>
> - A package wants to specify a location that is (probably) volatile. In
> this case the package already has to have code to create the directory
> and fix the permissions if needed. This is the case for openssh.
>
> - The sysadmin wants to add an extra listener location.
>
> For the first two cases, it's not really the job of rsyslog etc. to get
> the permissions right, so always using root:root & mode 755 is enough.
> For the last case, being able to specify the default owner/permissions
> in the syslog config. file would be nice, but it is not in the scope of
> this bug report.
I have added the functionality to v5 and immediately done a backport to
v4-devel, patch is here:
http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=5f76568d3707cbbadfa3767558ded52cf5f27f47
A backport, if desired, should be fairly easy to lower versions of
rsyslog. However, I will not do that, because development (and thus
addition of new features) is closed from the rsyslog POV on these older
releases.
See the doc on the new $InputUnixListenSocketCreatePath directive, I
have included a sample for openssh at the bottom of the page:
http://www.rsyslog.com/doc-imuxsock.html
I have not yet provided the capability to specify owner/permissions, but
it would be fairly easy. However, I prefer to get some feedback from the
field before I do so (aka "I would like to see that somebody actually
needs it before I spent even little time on this feature" ;)).
I have done brief, but not elaborate testing of the new functionality.
Bug reports are very welcome.
I hope this new feature is useful and solves the issue.
Rainer
Reply to: