Mailing List Archive

Could not open dynamic file/Permission denied
We astrated getting failures with rsyslog a few weeks back, and cannot find
any evidence of any change being mader at that time. Long story short,
inherited system, has been working/running for years, sans problems. I have
checked forums/internet, checked permissions on the DIR where logs are
stored, but again, no changes have been made, very minimal amount of
folks have access. Logs stored on a Netapp, no changes or issues there.

rsyslogd: Could not open dynamic file '/[path]/[date].log' [state -3000] -
discarding message [v8.24.0-57.el7_9.2]
rsyslogd: omfile: creating parent directories for file 'Permission denied'
failed /[path]/[date].log [v8.24.0-57.el7_9.2]


rsyslog.conf looks as such (PrivDropToUser/PrivDropToGroup added based on
forums, was not there before)
# rsyslog configuration file
$umask 0000
$FileCreateMode 0660
$DirCreateMode 0755
$FileGroup *[ADMN GRP]*
$PrivDropToUser * [ADMN USR]*
$PrivDropToGroup *[ADMN GRP]*

Not familiar with rsyslog, any insight appreciated.



*__________________________________________Mike Michael*
*Dominion Enterprises*


*Non-disclosure and Confidentiality Disclaimer*
This e-mail and any attachments thereto may contain confidential
information and/or information protected by intellectual property rights
for the exclusive attention of the intended addressees named above. If you
have received this transmission in error, please immediately notify the
sender by return e-mail and delete this message and its attachments.
Unauthorized use, copying, printing, retention or further full or partial
distribution of this e-mail or its contents is prohibited.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Could not open dynamic file/Permission denied [ In reply to ]
check directory permissions and check SELinux/AppArmor permissions.

We really aren't going to be able to make much better guesses without seeing the
full config.

David Lang

On Wed, 20 Apr 2022, Mike Michael via rsyslog wrote:

> Date: Wed, 20 Apr 2022 14:44:15 -0400
> From: Mike Michael via rsyslog <rsyslog@lists.adiscon.com>
> Reply-To: mike.michael@dominionenterprises.com,
> rsyslog-users <rsyslog@lists.adiscon.com>
> To: rsyslog@lists.adiscon.com
> Cc: Mike Michael <mike.michael@dominionenterprises.com>
> Subject: [rsyslog] Could not open dynamic file/Permission denied
>
> We astrated getting failures with rsyslog a few weeks back, and cannot find
> any evidence of any change being mader at that time. Long story short,
> inherited system, has been working/running for years, sans problems. I have
> checked forums/internet, checked permissions on the DIR where logs are
> stored, but again, no changes have been made, very minimal amount of
> folks have access. Logs stored on a Netapp, no changes or issues there.
>
> rsyslogd: Could not open dynamic file '/[path]/[date].log' [state -3000] -
> discarding message [v8.24.0-57.el7_9.2]
> rsyslogd: omfile: creating parent directories for file 'Permission denied'
> failed /[path]/[date].log [v8.24.0-57.el7_9.2]
>
>
> rsyslog.conf looks as such (PrivDropToUser/PrivDropToGroup added based on
> forums, was not there before)
> # rsyslog configuration file
> $umask 0000
> $FileCreateMode 0660
> $DirCreateMode 0755
> $FileGroup *[ADMN GRP]*
> $PrivDropToUser * [ADMN USR]*
> $PrivDropToGroup *[ADMN GRP]*
>
> Not familiar with rsyslog, any insight appreciated.
>
>
>
> *__________________________________________Mike Michael*
> *Dominion Enterprises*
>
>
> *Non-disclosure and Confidentiality Disclaimer*
> This e-mail and any attachments thereto may contain confidential
> information and/or information protected by intellectual property rights
> for the exclusive attention of the intended addressees named above. If you
> have received this transmission in error, please immediately notify the
> sender by return e-mail and delete this message and its attachments.
> Unauthorized use, copying, printing, retention or further full or partial
> distribution of this e-mail or its contents is prohibited.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Could not open dynamic file/Permission denied [ In reply to ]
Thank you David! Sorry, the entire conf file is below. Again the only thing
I touched, and this was in an attempt to fix, was adding the
$PrivDropToUser/Group (which makes ntro change is present or commented out).

# rsyslog configuration file
$umask 0000
$FileCreateMode 0660
$DirCreateMode 0755
$FileGroup *[ADMN GRP]*
$PrivDropToUser * [ADMN USR]*
$PrivDropToGroup *[ADMN GRP]*
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see
http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of
imuxsoc
k.
$ModLoad imuxsock # provides support for local system logging (e.g. via
logger c
ommand)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
$CreateDirs on

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

#$template FromIp,"/var/log/dis-syslog/%FROMHOST-IP%.log"
#. ?FromIp & ~

#$template FromIp,"/var/log/rsyslog_LOGS/%FROMHOST-IP%.log"
#$template
FromIp,"/var/log/rsyslog_LOG/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%[%FROM
HOST-IP%].log"
$template FromIp,"/rsyslog_DIR/%HOSTNAME%/%$YEAR%/%$MONTH%/%$now%.log"
*.* ?FromIp
#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually
not re
quired,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.*
# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages
*.emerg :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###

>
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Could not open dynamic file/Permission denied [ In reply to ]
so I see nothing in the included file that writes to a dynamic filename, and no
template that matches the error you posted earlier, so there is additional
configuration that you didn't post here.

Also we would need to see the permissions for the directory this is trying to
write to (including SELinux/AppArmor permissions, -Z for ls for SELinux
permissions)

David Lang

On Wed, 20 Apr 2022, Mike Michael wrote:

> Date: Wed, 20 Apr 2022 15:40:10 -0400
> From: Mike Michael <mike.michael@dominionenterprises.com>
> To: David Lang <david@lang.hm>
> Cc: rsyslog-users <rsyslog@lists.adiscon.com>
> Subject: Re: [rsyslog] Could not open dynamic file/Permission denied
>
> Thank you David! Sorry, the entire conf file is below. Again the only thing
> I touched, and this was in an attempt to fix, was adding the
> $PrivDropToUser/Group (which makes ntro change is present or commented out).
>
> # rsyslog configuration file
> $umask 0000
> $FileCreateMode 0660
> $DirCreateMode 0755
> $FileGroup *[ADMN GRP]*
> $PrivDropToUser * [ADMN USR]*
> $PrivDropToGroup *[ADMN GRP]*
> # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
> # If you experience problems, see
> http://www.rsyslog.com/doc/troubleshoot.html
>
> #### MODULES ####
>
> # The imjournal module bellow is now used as a message source instead of
> imuxsoc
> k.
> $ModLoad imuxsock # provides support for local system logging (e.g. via
> logger c
> ommand)
> $ModLoad imjournal # provides access to the systemd journal
> #$ModLoad imklog # reads kernel messages (the same are read from journald)
> #$ModLoad immark # provides --MARK-- message capability
> $CreateDirs on
>
> # Provides UDP syslog reception
> $ModLoad imudp
> $UDPServerRun 514
>
> # Provides TCP syslog reception
> $ModLoad imtcp
> $InputTCPServerRun 514
>
> #$template FromIp,"/var/log/dis-syslog/%FROMHOST-IP%.log"
> #. ?FromIp & ~
>
> #$template FromIp,"/var/log/rsyslog_LOGS/%FROMHOST-IP%.log"
> #$template
> FromIp,"/var/log/rsyslog_LOG/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%[%FROM
> HOST-IP%].log"
> $template FromIp,"/rsyslog_DIR/%HOSTNAME%/%$YEAR%/%$MONTH%/%$now%.log"
> *.* ?FromIp
> #### GLOBAL DIRECTIVES ####
>
> # Where to place auxiliary files
> $WorkDirectory /var/lib/rsyslog
>
> # Use default timestamp format
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
>
> # File syncing capability is disabled by default. This feature is usually
> not re
> quired,
> # not useful and an extreme performance hit
> #$ActionFileEnableSync on
>
> # Include all config files in /etc/rsyslog.d/
> $IncludeConfig /etc/rsyslog.d/*.conf
>
> # Turn off message reception via local log socket;
> # local messages are retrieved through imjournal now.
> $OmitLocalLogging on
>
> # File to store the position in the journal
> $IMJournalStateFile imjournal.state
>
>
> #### RULES ####
>
> # Log all kernel messages to the console.
> # Logging much else clutters up the screen.
> #kern.* /dev/console
>
> # Log anything (except mail) of level info or higher.
> # Don't log private authentication messages!
> *.info;mail.none;authpriv.none;cron.none /var/log/messages
>
> # The authpriv file has restricted access.
> authpriv.* /var/log/secure
>
> # Log all the mail messages in one place.
> mail.*
> # Log cron stuff
> cron.* /var/log/cron
>
> # Everybody gets emergency messages
> *.emerg :omusrmsg:*
>
> # Save news errors of level crit and higher in a special file.
> uucp,news.crit /var/log/spooler
>
> # Save boot messages also to boot.log
> local7.* /var/log/boot.log
>
>
> # ### begin forwarding rule ###
> # The statement between the begin ... end define a SINGLE forwarding
> # rule. They belong together, do NOT split them. If you create multiple
> # forwarding rules, duplicate the whole block!
> # Remote Logging (we use TCP for reliable delivery)
> #
> # An on-disk queue is created for this action. If the remote host is
> # down, messages are spooled to disk and sent when it is up again.
> #$ActionQueueFileName fwdRule1 # unique name prefix for spool files
> #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
> #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
> #$ActionQueueType LinkedList # run asynchronously
> #$ActionResumeRetryCount -1 # infinite retries if host is down
> # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
> #*.* @@remote-host:514
> # ### end of the forwarding rule ###
>
>>
>>
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Could not open dynamic file/Permission denied [ In reply to ]
>
> This is the directory. I think this is what you mean? DIS is the group
listed as [ADMN GRP] previously. Thank you for looking at thism, again
first experience with rsyslog and was inherited.


drwxrwxrwx. root DIS system_u:object_r:nfs_t:s0 rsyslog_DIR
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Could not open dynamic file/Permission denied [ In reply to ]
since you just added the permission changes to the rsyslog config, they are
almost certain to be the cause of the grief.

the standard unix permissions of the directory look good, I don't know your
system enough to say if the SELinux permissions are good or not (hopefully
someone else can comment on those)

are you possibly trying to write to files that were created with an earlier
config and so while the directory would give you permission to create a new
file, the existing file has permissions that would block you?

This is not anything specific to rsyslog, this is plain admin stuff to track
down what's wrong with the permissions and fix it.

David Lang

On Wed, 20 Apr 2022, Mike Michael wrote:

> Date: Wed, 20 Apr 2022 16:52:05 -0400
> From: Mike Michael <mike.michael@dominionenterprises.com>
> To: David Lang <david@lang.hm>
> Cc: rsyslog-users <rsyslog@lists.adiscon.com>
> Subject: Re: [rsyslog] Could not open dynamic file/Permission denied
>
>>
>> This is the directory. I think this is what you mean? DIS is the group
> listed as [ADMN GRP] previously. Thank you for looking at thism, again
> first experience with rsyslog and was inherited.
>
>
> drwxrwxrwx. root DIS system_u:object_r:nfs_t:s0 rsyslog_DIR
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Could not open dynamic file/Permission denied [ In reply to ]
I would suggest to sudo -i into the user in question and manually try to
create the same file. It will most probably give you the same problem (if
it is a permission issue). Else it's selinux or friends.

Rainer

Sent from phone, thus brief.

David Lang via rsyslog <rsyslog@lists.adiscon.com> schrieb am Mi., 20. Apr.
2022, 22:59:

> since you just added the permission changes to the rsyslog config, they
> are
> almost certain to be the cause of the grief.
>
> the standard unix permissions of the directory look good, I don't know
> your
> system enough to say if the SELinux permissions are good or not (hopefully
> someone else can comment on those)
>
> are you possibly trying to write to files that were created with an
> earlier
> config and so while the directory would give you permission to create a
> new
> file, the existing file has permissions that would block you?
>
> This is not anything specific to rsyslog, this is plain admin stuff to
> track
> down what's wrong with the permissions and fix it.
>
> David Lang
>
> On Wed, 20 Apr 2022, Mike Michael wrote:
>
> > Date: Wed, 20 Apr 2022 16:52:05 -0400
> > From: Mike Michael <mike.michael@dominionenterprises.com>
> > To: David Lang <david@lang.hm>
> > Cc: rsyslog-users <rsyslog@lists.adiscon.com>
> > Subject: Re: [rsyslog] Could not open dynamic file/Permission denied
> >
> >>
> >> This is the directory. I think this is what you mean? DIS is the group
> > listed as [ADMN GRP] previously. Thank you for looking at thism, again
> > first experience with rsyslog and was inherited.
> >
> >
> > drwxrwxrwx. root DIS system_u:object_r:nfs_t:s0 rsyslog_DIR
> >
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Could not open dynamic file/Permission denied [ In reply to ]
In case of SELinux problems it's usually easiest to use audit2why and/or
audit2allow instead of digging in manually. But you have to take the
suggestions from audit2allow with a pinch of salt sometimes.

MK

On 21.04.2022 08:07, Rainer Gerhards via rsyslog wrote:
> I would suggest to sudo -i into the user in question and manually try to
> create the same file. It will most probably give you the same problem (if
> it is a permission issue). Else it's selinux or friends.
>
> Rainer
>
> Sent from phone, thus brief.
>
> David Lang via rsyslog <rsyslog@lists.adiscon.com> schrieb am Mi., 20. Apr.
> 2022, 22:59:
>
>> since you just added the permission changes to the rsyslog config, they
>> are
>> almost certain to be the cause of the grief.
>>
>> the standard unix permissions of the directory look good, I don't know
>> your
>> system enough to say if the SELinux permissions are good or not (hopefully
>> someone else can comment on those)
>>
>> are you possibly trying to write to files that were created with an
>> earlier
>> config and so while the directory would give you permission to create a
>> new
>> file, the existing file has permissions that would block you?
>>
>> This is not anything specific to rsyslog, this is plain admin stuff to
>> track
>> down what's wrong with the permissions and fix it.
>>
>> David Lang
>>
>> On Wed, 20 Apr 2022, Mike Michael wrote:
>>
>>> Date: Wed, 20 Apr 2022 16:52:05 -0400
>>> From: Mike Michael <mike.michael@dominionenterprises.com>
>>> To: David Lang <david@lang.hm>
>>> Cc: rsyslog-users <rsyslog@lists.adiscon.com>
>>> Subject: Re: [rsyslog] Could not open dynamic file/Permission denied
>>>
>>>> This is the directory. I think this is what you mean? DIS is the group
>>> listed as [ADMN GRP] previously. Thank you for looking at thism, again
>>> first experience with rsyslog and was inherited.
>>>
>>>
>>> drwxrwxrwx. root DIS system_u:object_r:nfs_t:s0 rsyslog_DIR
>>>
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Could not open dynamic file/Permission denied [ In reply to ]
Thank you for all the replies! So I opened the dir in question to 777 and
still errors. I can manually create a dir and file as myself and as root
(presuming rsyslog runs as root, I did not see a specification in the conf
file otherwise). I have also removed the $PrivDropTo lines because they
were not present originally, added in troubleshooting. So this system has
been running for like 3 years, the person that set it up left 2 years ago,
and it has just been running. We noticed the issues in March, but it has
not been a real priority, but we do need to get it working again. And no
changes have been made, aside from troubleshooting, nobody logs in this
instance. I looked for any sort of changes at all on any systems around the
time this started not logging, and we have nothing listed.

? rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor
preset: enabled)
Active: active (running) since Mon 2022-04-25 09:22:03 EDT; 28s ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Main PID: 8194 (rsyslogd)
CGroup: /system.slice/rsyslog.service
??8194 /usr/sbin/rsyslogd -n

Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
'/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
directories for file 'Permission denied' failed...7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
'/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
directories for file 'Permission denied' failed...7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
'/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
directories for file 'Permission denied' failed...7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
'/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
directories for file 'Permission denied' failed...7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
'/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
directories for file 'Permission denied' failed...7_9.2]
Hint: Some lines were ellipsized, use -l to show in full.

The directory in question
drwxrwxrwx. 35 root root 28672 Nov 4 12:08 rsyslog_DIR


On Thu, Apr 21, 2022 at 2:07 AM Rainer Gerhards via rsyslog <
rsyslog@lists.adiscon.com> wrote:

> I would suggest to sudo -i into the user in question and manually try to
> create the same file. It will most probably give you the same problem (if
> it is a permission issue). Else it's selinux or friends.
>
> Rainer
>
> Sent from phone, thus brief.
>
> David Lang via rsyslog <rsyslog@lists.adiscon.com> schrieb am Mi., 20.
> Apr.
> 2022, 22:59:
>
> > since you just added the permission changes to the rsyslog config, they
> > are
> > almost certain to be the cause of the grief.
> >
> > the standard unix permissions of the directory look good, I don't know
> > your
> > system enough to say if the SELinux permissions are good or not
> (hopefully
> > someone else can comment on those)
> >
> > are you possibly trying to write to files that were created with an
> > earlier
> > config and so while the directory would give you permission to create a
> > new
> > file, the existing file has permissions that would block you?
> >
> > This is not anything specific to rsyslog, this is plain admin stuff to
> > track
> > down what's wrong with the permissions and fix it.
> >
> > David Lang
> >
> > On Wed, 20 Apr 2022, Mike Michael wrote:
> >
> > > Date: Wed, 20 Apr 2022 16:52:05 -0400
> > > From: Mike Michael <mike.michael@dominionenterprises.com>
> > > To: David Lang <david@lang.hm>
> > > Cc: rsyslog-users <rsyslog@lists.adiscon.com>
> > > Subject: Re: [rsyslog] Could not open dynamic file/Permission denied
> > >
> > >>
> > >> This is the directory. I think this is what you mean? DIS is the group
> > > listed as [ADMN GRP] previously. Thank you for looking at thism, again
> > > first experience with rsyslog and was inherited.
> > >
> > >
> > > drwxrwxrwx. root DIS system_u:object_r:nfs_t:s0 rsyslog_DIR
> > >
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> > DON'T LIKE THAT.
> >
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Could not open dynamic file/Permission denied [ In reply to ]
if you can write to the file as yourself and root and set the permissions to
777, then it's going to be selinux/Apparmor that's blocking you. It's not
uncommon for processes to get different permissions at startup than if your run
them as root (in theory this adds security in that it limits the damage that can
be done if the service has a bug, in practice, if the purpose of the system is
to run that particular service, there's nothing else interesting on the system,
so it doesn't help)

there was a post earlier on good ways to troubleshoot selinux problems

Redhat uses SELinux, Ubuntu uses AppArmor.

David Lang

On Mon, 25 Apr 2022, Mike Michael via rsyslog wrote:

> Date: Mon, 25 Apr 2022 09:47:21 -0400
> From: Mike Michael via rsyslog <rsyslog@lists.adiscon.com>
> Reply-To: mike.michael@dominionenterprises.com,
> rsyslog-users <rsyslog@lists.adiscon.com>
> To: rsyslog-users <rsyslog@lists.adiscon.com>
> Cc: Mike Michael <mike.michael@dominionenterprises.com>
> Subject: Re: [rsyslog] Could not open dynamic file/Permission denied
>
> Thank you for all the replies! So I opened the dir in question to 777 and
> still errors. I can manually create a dir and file as myself and as root
> (presuming rsyslog runs as root, I did not see a specification in the conf
> file otherwise). I have also removed the $PrivDropTo lines because they
> were not present originally, added in troubleshooting. So this system has
> been running for like 3 years, the person that set it up left 2 years ago,
> and it has just been running. We noticed the issues in March, but it has
> not been a real priority, but we do need to get it working again. And no
> changes have been made, aside from troubleshooting, nobody logs in this
> instance. I looked for any sort of changes at all on any systems around the
> time this started not logging, and we have nothing listed.
>
> ? rsyslog.service - System Logging Service
> Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor
> preset: enabled)
> Active: active (running) since Mon 2022-04-25 09:22:03 EDT; 28s ago
> Docs: man:rsyslogd(8)
> http://www.rsyslog.com/doc/
> Main PID: 8194 (rsyslogd)
> CGroup: /system.slice/rsyslog.service
> ??8194 /usr/sbin/rsyslogd -n
>
> Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
> '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
> Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
> directories for file 'Permission denied' failed...7_9.2]
> Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
> '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
> Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
> directories for file 'Permission denied' failed...7_9.2]
> Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
> '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
> Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
> directories for file 'Permission denied' failed...7_9.2]
> Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
> '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
> Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
> directories for file 'Permission denied' failed...7_9.2]
> Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
> '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
> Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
> directories for file 'Permission denied' failed...7_9.2]
> Hint: Some lines were ellipsized, use -l to show in full.
>
> The directory in question
> drwxrwxrwx. 35 root root 28672 Nov 4 12:08 rsyslog_DIR
>
>
> On Thu, Apr 21, 2022 at 2:07 AM Rainer Gerhards via rsyslog <
> rsyslog@lists.adiscon.com> wrote:
>
>> I would suggest to sudo -i into the user in question and manually try to
>> create the same file. It will most probably give you the same problem (if
>> it is a permission issue). Else it's selinux or friends.
>>
>> Rainer
>>
>> Sent from phone, thus brief.
>>
>> David Lang via rsyslog <rsyslog@lists.adiscon.com> schrieb am Mi., 20.
>> Apr.
>> 2022, 22:59:
>>
>> > since you just added the permission changes to the rsyslog config, they
>> > are
>> > almost certain to be the cause of the grief.
>> >
>> > the standard unix permissions of the directory look good, I don't know
>> > your
>> > system enough to say if the SELinux permissions are good or not
>> (hopefully
>> > someone else can comment on those)
>> >
>> > are you possibly trying to write to files that were created with an
>> > earlier
>> > config and so while the directory would give you permission to create a
>> > new
>> > file, the existing file has permissions that would block you?
>> >
>> > This is not anything specific to rsyslog, this is plain admin stuff to
>> > track
>> > down what's wrong with the permissions and fix it.
>> >
>> > David Lang
>> >
>> > On Wed, 20 Apr 2022, Mike Michael wrote:
>> >
>> > > Date: Wed, 20 Apr 2022 16:52:05 -0400
>> > > From: Mike Michael <mike.michael@dominionenterprises.com>
>> > > To: David Lang <david@lang.hm>
>> > > Cc: rsyslog-users <rsyslog@lists.adiscon.com>
>> > > Subject: Re: [rsyslog] Could not open dynamic file/Permission denied
>> > >
>> > >>
>> > >> This is the directory. I think this is what you mean? DIS is the group
>> > > listed as [ADMN GRP] previously. Thank you for looking at thism, again
>> > > first experience with rsyslog and was inherited.
>> > >
>> > >
>> > > drwxrwxrwx. root DIS system_u:object_r:nfs_t:s0 rsyslog_DIR
>> > >
>> > _______________________________________________
>> > rsyslog mailing list
>> > https://lists.adiscon.net/mailman/listinfo/rsyslog
>> > http://www.rsyslog.com/professional-services/
>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> > DON'T LIKE THAT.
>> >
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> DON'T LIKE THAT.
>>
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Could not open dynamic file/Permission denied [ In reply to ]
Thanks David, I will go down the SELinux rabbithole since we are CentOS.
Just weird it broke seemingly out of the blue.




On Mon, Apr 25, 2022 at 10:10 AM David Lang <david@lang.hm> wrote:

> if you can write to the file as yourself and root and set the permissions
> to
> 777, then it's going to be selinux/Apparmor that's blocking you. It's not
> uncommon for processes to get different permissions at startup than if
> your run
> them as root (in theory this adds security in that it limits the damage
> that can
> be done if the service has a bug, in practice, if the purpose of the
> system is
> to run that particular service, there's nothing else interesting on the
> system,
> so it doesn't help)
>
> there was a post earlier on good ways to troubleshoot selinux problems
>
> Redhat uses SELinux, Ubuntu uses AppArmor.
>
> David Lang
>
> On Mon, 25 Apr 2022, Mike Michael via rsyslog wrote:
>
> > Date: Mon, 25 Apr 2022 09:47:21 -0400
> > From: Mike Michael via rsyslog <rsyslog@lists.adiscon.com>
> > Reply-To: mike.michael@dominionenterprises.com,
> > rsyslog-users <rsyslog@lists.adiscon.com>
> > To: rsyslog-users <rsyslog@lists.adiscon.com>
> > Cc: Mike Michael <mike.michael@dominionenterprises.com>
> > Subject: Re: [rsyslog] Could not open dynamic file/Permission denied
> >
> > Thank you for all the replies! So I opened the dir in question to 777 and
> > still errors. I can manually create a dir and file as myself and as root
> > (presuming rsyslog runs as root, I did not see a specification in the
> conf
> > file otherwise). I have also removed the $PrivDropTo lines because they
> > were not present originally, added in troubleshooting. So this system has
> > been running for like 3 years, the person that set it up left 2 years
> ago,
> > and it has just been running. We noticed the issues in March, but it has
> > not been a real priority, but we do need to get it working again. And no
> > changes have been made, aside from troubleshooting, nobody logs in this
> > instance. I looked for any sort of changes at all on any systems around
> the
> > time this started not logging, and we have nothing listed.
> >
> > ? rsyslog.service - System Logging Service
> > Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled;
> vendor
> > preset: enabled)
> > Active: active (running) since Mon 2022-04-25 09:22:03 EDT; 28s ago
> > Docs: man:rsyslogd(8)
> > http://www.rsyslog.com/doc/
> > Main PID: 8194 (rsyslogd)
> > CGroup: /system.slice/rsyslog.service
> > ??8194 /usr/sbin/rsyslogd -n
> >
> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
> > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
> > directories for file 'Permission denied' failed...7_9.2]
> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
> > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
> > directories for file 'Permission denied' failed...7_9.2]
> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
> > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
> > directories for file 'Permission denied' failed...7_9.2]
> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
> > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
> > directories for file 'Permission denied' failed...7_9.2]
> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
> > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
> > directories for file 'Permission denied' failed...7_9.2]
> > Hint: Some lines were ellipsized, use -l to show in full.
> >
> > The directory in question
> > drwxrwxrwx. 35 root root 28672 Nov 4 12:08 rsyslog_DIR
> >
> >
> > On Thu, Apr 21, 2022 at 2:07 AM Rainer Gerhards via rsyslog <
> > rsyslog@lists.adiscon.com> wrote:
> >
> >> I would suggest to sudo -i into the user in question and manually try to
> >> create the same file. It will most probably give you the same problem
> (if
> >> it is a permission issue). Else it's selinux or friends.
> >>
> >> Rainer
> >>
> >> Sent from phone, thus brief.
> >>
> >> David Lang via rsyslog <rsyslog@lists.adiscon.com> schrieb am Mi., 20.
> >> Apr.
> >> 2022, 22:59:
> >>
> >> > since you just added the permission changes to the rsyslog config,
> they
> >> > are
> >> > almost certain to be the cause of the grief.
> >> >
> >> > the standard unix permissions of the directory look good, I don't know
> >> > your
> >> > system enough to say if the SELinux permissions are good or not
> >> (hopefully
> >> > someone else can comment on those)
> >> >
> >> > are you possibly trying to write to files that were created with an
> >> > earlier
> >> > config and so while the directory would give you permission to create
> a
> >> > new
> >> > file, the existing file has permissions that would block you?
> >> >
> >> > This is not anything specific to rsyslog, this is plain admin stuff to
> >> > track
> >> > down what's wrong with the permissions and fix it.
> >> >
> >> > David Lang
> >> >
> >> > On Wed, 20 Apr 2022, Mike Michael wrote:
> >> >
> >> > > Date: Wed, 20 Apr 2022 16:52:05 -0400
> >> > > From: Mike Michael <mike.michael@dominionenterprises.com>
> >> > > To: David Lang <david@lang.hm>
> >> > > Cc: rsyslog-users <rsyslog@lists.adiscon.com>
> >> > > Subject: Re: [rsyslog] Could not open dynamic file/Permission denied
> >> > >
> >> > >>
> >> > >> This is the directory. I think this is what you mean? DIS is the
> group
> >> > > listed as [ADMN GRP] previously. Thank you for looking at thism,
> again
> >> > > first experience with rsyslog and was inherited.
> >> > >
> >> > >
> >> > > drwxrwxrwx. root DIS system_u:object_r:nfs_t:s0 rsyslog_DIR
> >> > >
> >> > _______________________________________________
> >> > rsyslog mailing list
> >> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> > http://www.rsyslog.com/professional-services/
> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad
> >> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> >> > DON'T LIKE THAT.
> >> >
> >> _______________________________________________
> >> rsyslog mailing list
> >> https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> http://www.rsyslog.com/professional-services/
> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> >> DON'T LIKE THAT.
> >>
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Could not open dynamic file/Permission denied [ In reply to ]
I temporarily disabled SELinux and it did fix, so I will now troubleshoot
why. Thanks for a;ll the help and insight everyone!


On Mon, Apr 25, 2022 at 10:12 AM Mike Michael <
mike.michael@dominionenterprises.com> wrote:

> Thanks David, I will go down the SELinux rabbithole since we are CentOS.
> Just weird it broke seemingly out of the blue.
>
>
>
>
> On Mon, Apr 25, 2022 at 10:10 AM David Lang <david@lang.hm> wrote:
>
>> if you can write to the file as yourself and root and set the permissions
>> to
>> 777, then it's going to be selinux/Apparmor that's blocking you. It's not
>> uncommon for processes to get different permissions at startup than if
>> your run
>> them as root (in theory this adds security in that it limits the damage
>> that can
>> be done if the service has a bug, in practice, if the purpose of the
>> system is
>> to run that particular service, there's nothing else interesting on the
>> system,
>> so it doesn't help)
>>
>> there was a post earlier on good ways to troubleshoot selinux problems
>>
>> Redhat uses SELinux, Ubuntu uses AppArmor.
>>
>> David Lang
>>
>> On Mon, 25 Apr 2022, Mike Michael via rsyslog wrote:
>>
>> > Date: Mon, 25 Apr 2022 09:47:21 -0400
>> > From: Mike Michael via rsyslog <rsyslog@lists.adiscon.com>
>> > Reply-To: mike.michael@dominionenterprises.com,
>> > rsyslog-users <rsyslog@lists.adiscon.com>
>> > To: rsyslog-users <rsyslog@lists.adiscon.com>
>> > Cc: Mike Michael <mike.michael@dominionenterprises.com>
>> > Subject: Re: [rsyslog] Could not open dynamic file/Permission denied
>> >
>> > Thank you for all the replies! So I opened the dir in question to 777
>> and
>> > still errors. I can manually create a dir and file as myself and as root
>> > (presuming rsyslog runs as root, I did not see a specification in the
>> conf
>> > file otherwise). I have also removed the $PrivDropTo lines because they
>> > were not present originally, added in troubleshooting. So this system
>> has
>> > been running for like 3 years, the person that set it up left 2 years
>> ago,
>> > and it has just been running. We noticed the issues in March, but it has
>> > not been a real priority, but we do need to get it working again. And no
>> > changes have been made, aside from troubleshooting, nobody logs in this
>> > instance. I looked for any sort of changes at all on any systems around
>> the
>> > time this started not logging, and we have nothing listed.
>> >
>> > ? rsyslog.service - System Logging Service
>> > Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled;
>> vendor
>> > preset: enabled)
>> > Active: active (running) since Mon 2022-04-25 09:22:03 EDT; 28s ago
>> > Docs: man:rsyslogd(8)
>> > http://www.rsyslog.com/doc/
>> > Main PID: 8194 (rsyslogd)
>> > CGroup: /system.slice/rsyslog.service
>> > ??8194 /usr/sbin/rsyslogd -n
>> >
>> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
>> > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
>> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
>> > directories for file 'Permission denied' failed...7_9.2]
>> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
>> > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
>> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
>> > directories for file 'Permission denied' failed...7_9.2]
>> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
>> > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
>> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
>> > directories for file 'Permission denied' failed...7_9.2]
>> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
>> > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
>> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
>> > directories for file 'Permission denied' failed...7_9.2]
>> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file
>> > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2]
>> > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent
>> > directories for file 'Permission denied' failed...7_9.2]
>> > Hint: Some lines were ellipsized, use -l to show in full.
>> >
>> > The directory in question
>> > drwxrwxrwx. 35 root root 28672 Nov 4 12:08 rsyslog_DIR
>> >
>> >
>> > On Thu, Apr 21, 2022 at 2:07 AM Rainer Gerhards via rsyslog <
>> > rsyslog@lists.adiscon.com> wrote:
>> >
>> >> I would suggest to sudo -i into the user in question and manually try
>> to
>> >> create the same file. It will most probably give you the same problem
>> (if
>> >> it is a permission issue). Else it's selinux or friends.
>> >>
>> >> Rainer
>> >>
>> >> Sent from phone, thus brief.
>> >>
>> >> David Lang via rsyslog <rsyslog@lists.adiscon.com> schrieb am Mi., 20.
>> >> Apr.
>> >> 2022, 22:59:
>> >>
>> >> > since you just added the permission changes to the rsyslog config,
>> they
>> >> > are
>> >> > almost certain to be the cause of the grief.
>> >> >
>> >> > the standard unix permissions of the directory look good, I don't
>> know
>> >> > your
>> >> > system enough to say if the SELinux permissions are good or not
>> >> (hopefully
>> >> > someone else can comment on those)
>> >> >
>> >> > are you possibly trying to write to files that were created with an
>> >> > earlier
>> >> > config and so while the directory would give you permission to
>> create a
>> >> > new
>> >> > file, the existing file has permissions that would block you?
>> >> >
>> >> > This is not anything specific to rsyslog, this is plain admin stuff
>> to
>> >> > track
>> >> > down what's wrong with the permissions and fix it.
>> >> >
>> >> > David Lang
>> >> >
>> >> > On Wed, 20 Apr 2022, Mike Michael wrote:
>> >> >
>> >> > > Date: Wed, 20 Apr 2022 16:52:05 -0400
>> >> > > From: Mike Michael <mike.michael@dominionenterprises.com>
>> >> > > To: David Lang <david@lang.hm>
>> >> > > Cc: rsyslog-users <rsyslog@lists.adiscon.com>
>> >> > > Subject: Re: [rsyslog] Could not open dynamic file/Permission
>> denied
>> >> > >
>> >> > >>
>> >> > >> This is the directory. I think this is what you mean? DIS is the
>> group
>> >> > > listed as [ADMN GRP] previously. Thank you for looking at thism,
>> again
>> >> > > first experience with rsyslog and was inherited.
>> >> > >
>> >> > >
>> >> > > drwxrwxrwx. root DIS system_u:object_r:nfs_t:s0 rsyslog_DIR
>> >> > >
>> >> > _______________________________________________
>> >> > rsyslog mailing list
>> >> > https://lists.adiscon.net/mailman/listinfo/rsyslog
>> >> > http://www.rsyslog.com/professional-services/
>> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>> myriad
>> >> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
>> you
>> >> > DON'T LIKE THAT.
>> >> >
>> >> _______________________________________________
>> >> rsyslog mailing list
>> >> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> >> http://www.rsyslog.com/professional-services/
>> >> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>> myriad
>> >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>> >> DON'T LIKE THAT.
>> >>
>> > _______________________________________________
>> > rsyslog mailing list
>> > https://lists.adiscon.net/mailman/listinfo/rsyslog
>> > http://www.rsyslog.com/professional-services/
>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
>> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
>> you DON'T LIKE THAT.
>
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.