Mailing List Archive: omprog as non root user

Hi,

Our client is adamant that they do not want applications running as the
root user.

The rsyslogd process is not a problem because it comes as a daemon process
and is packaged as part of the OS install.

However, when they see the omprog program running, it's flagged as an issue.

Is there a simple way to run the omprog program as non-root? I tried using
the su command but something goes wrong with the stdin and the program
doesn't get the expected input. Also, when the rsyslogd is restarted after
a config change, the 'su' program is killed but the program isn't killed.

binary="su user1 -c /home/user1/bin/program.sh"

running with the following is good except that program.sh shows up as a
root owned process.
binary="/home/user1/bin/program.sh"

Thanks.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

Create a totally separate instance of rsyslog running as a non-root user. In this case, when the omprog application is called it executes as the same non-root user such that su is not necessary. Then simply have the root instance forward the applicable events to the standalone instance on the same localhost.

Regards,

> On Mar 1, 2022, at 12:30, Kevin McKibbin via rsyslog <rsyslog@lists.adiscon.com> wrote:
>
> Hi,
>
> Our client is adamant that they do not want applications running as the
> root user.
>
> The rsyslogd process is not a problem because it comes as a daemon process
> and is packaged as part of the OS install.
>
> However, when they see the omprog program running, it's flagged as an issue.
>
> Is there a simple way to run the omprog program as non-root? I tried using
> the su command but something goes wrong with the stdin and the program
> doesn't get the expected input. Also, when the rsyslogd is restarted after
> a config change, the 'su' program is killed but the program isn't killed.
>
> binary="su user1 -c /home/user1/bin/program.sh"
>
> running with the following is good except that program.sh shows up as a
> root owned process.
> binary="/home/user1/bin/program.sh"
>
> Thanks.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.