Bug#429243: stopped working, SSH stopped logging failures!

To: Gabor Gombas <gombasg@sztaki.hu>
Cc: Colin Watson <cjwatson@debian.org>, 429243@bugs.debian.org, rsyslog@packages.debian.org
Subject: Bug#429243: stopped working, SSH stopped logging failures!
From: Rainer Gerhards <rgerhards@hq.adiscon.com>
Date: Fri, 04 Sep 2009 17:03:48 +0200
Message-id: <[🔎] 1252076628.2383.21.camel@rgf11>
Reply-to: Rainer Gerhards <rgerhards@hq.adiscon.com>, 429243@bugs.debian.org
In-reply-to: <[🔎] 20090902141003.GA1366@boogie.lpds.sztaki.hu>
References: <[🔎] 20090902090324.2225.15471.reportbug@boogie.lpds.sztaki.hu> <[🔎] 20090902095115.GA12080@riva.ucam.org> <[🔎] 1251886078.5821.3.camel@rgf11> <[🔎] 20090902124634.GB20909@boogie.lpds.sztaki.hu> <[🔎] 20090902133011.GE12080@riva.ucam.org> <[🔎] 20090902141003.GA1366@boogie.lpds.sztaki.hu>

On Wed, 2009-09-02 at 16:10 +0200, Gabor Gombas wrote:
> On Wed, Sep 02, 2009 at 02:30:11PM +0100, Colin Watson wrote:
> 
> > > Maybe a better option would be to let rsyslog automatically create the
> > > directory for the socket if it is missing?
> > 
> > If it created the socket itself as well, then that might do the job.
> > We'd need to make sure permissions were consistent.
> 
> IMHO there are three cases to consider:
> 
> - A package wants to specify a location that is supposed to be
>   non-volatile. In this case the directory is owned by the package,
>   and there is no need to auto-create. This is the case for e.g.
>   postfix.
> 
> - A package wants to specify a location that is (probably) volatile. In
>   this case the package already has to have code to create the directory
>   and fix the permissions if needed. This is the case for openssh.
> 
> - The sysadmin wants to add an extra listener location.
> 
> For the first two cases, it's not really the job of rsyslog etc. to get
> the permissions right, so always using root:root & mode 755 is enough.
> For the last case, being able to specify the default owner/permissions
> in the syslog config. file would be nice, but it is not in the scope of
> this bug report.

I have added the functionality to v5 and immediately done a backport to
v4-devel, patch is here:

http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=5f76568d3707cbbadfa3767558ded52cf5f27f47

A backport, if desired, should be fairly easy to lower versions of
rsyslog. However, I will not do that, because development (and thus
addition of new features) is closed from the rsyslog POV on these older
releases.

See the doc on the new $InputUnixListenSocketCreatePath directive, I
have included a sample for openssh at the bottom of the page:

http://www.rsyslog.com/doc-imuxsock.html

I have not yet provided the capability to specify owner/permissions, but
it would be fairly easy. However, I prefer to get some feedback from the
field before I do so (aka "I would like to see that somebody actually
needs it before I spent even little time on this feature" ;)).

I have done brief, but not elaborate testing of the new functionality.
Bug reports are very welcome.

I hope this new feature is useful and solves the issue.

Rainer

Reply to:

References:
- Bug#429243: stopped working, SSH stopped logging failures!
  - From: Gábor Gombás <gombasg@sztaki.hu>
- Bug#429243: stopped working, SSH stopped logging failures!
  - From: Colin Watson <cjwatson@debian.org>
- Bug#429243: stopped working, SSH stopped logging failures!
  - From: Rainer Gerhards <rgerhards@hq.adiscon.com>
- Bug#429243: stopped working, SSH stopped logging failures!
  - From: Gabor Gombas <gombasg@sztaki.hu>
- Bug#429243: stopped working, SSH stopped logging failures!
  - From: Colin Watson <cjwatson@debian.org>
- Bug#429243: stopped working, SSH stopped logging failures!
  - From: Gabor Gombas <gombasg@sztaki.hu>

Prev by Date: Processed: Changing email addresses.
Next by Date: Bug#544469: Acknowledgement (ssh-askpass-gnome displays errors)
Previous by thread: Bug#429243: stopped working, SSH stopped logging failures!
Next by thread: Processed: Changing email addresses.
Index(es):
- Date
- Thread