Mailing List Archive

Managing log files permissions per file
Hello,

I want to set non-default permission to the log file created for my service.

- My service is started and named in
*/etc/systemd/system/hive_manager.service.*
- Then, in */etc/rsyslog.d/hive_manager.conf* the name of the log is
defined by the following condition:

*if $programname == 'hive_manager' then /home/pi/logs/hive_manager.log*

- Finally, in */etc/rsyslog.conf * I have the following definitions:

*#*
*# Set the default permissions for all log files.*
*#*
*$FileOwner root*
*$FileGroup adm*
*$FileCreateMode 0640*
*$DirCreateMode 0755*
*$Umask 0022*

*# Include all config files in /etc/rsyslog.d/*
*#*
*$IncludeConfig /etc/rsyslog.d/*.conf*


Currently, the */home/pi/logs/hive_manager.log* is created under the root
permissions (the default). I need to configure its creation under different
user permissions.
How can I do it? I couldn't find any help with it in the relevant forums.

Thanks a lot!

Have a good day!

Alexander Birman
+972-54-7556432
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Managing log files permissions per file [ In reply to ]
specify the settings in the action() object. Doc:

https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html

side-note: I am not sure, but I think the legacy construct you quoted
just changes the setting for the next output action. But I am too lazy
to look this up, as it is not really relevant in this case. ;-)

Rainer

El jue, 3 nov 2022 a las 9:39, Alexander Birman via rsyslog
(<rsyslog@lists.adiscon.com>) escribió:
>
> Hello,
>
> I want to set non-default permission to the log file created for my service.
>
> - My service is started and named in
> */etc/systemd/system/hive_manager.service.*
> - Then, in */etc/rsyslog.d/hive_manager.conf* the name of the log is
> defined by the following condition:
>
> *if $programname == 'hive_manager' then /home/pi/logs/hive_manager.log*
>
> - Finally, in */etc/rsyslog.conf * I have the following definitions:
>
> *#*
> *# Set the default permissions for all log files.*
> *#*
> *$FileOwner root*
> *$FileGroup adm*
> *$FileCreateMode 0640*
> *$DirCreateMode 0755*
> *$Umask 0022*
>
> *# Include all config files in /etc/rsyslog.d/*
> *#*
> *$IncludeConfig /etc/rsyslog.d/*.conf*
>
>
> Currently, the */home/pi/logs/hive_manager.log* is created under the root
> permissions (the default). I need to configure its creation under different
> user permissions.
> How can I do it? I couldn't find any help with it in the relevant forums.
>
> Thanks a lot!
>
> Have a good day!
>
> Alexander Birman
> +972-54-7556432
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Managing log files permissions per file [ In reply to ]
Also remember that if you're running rsyslog with non-root user (which
is a recommended setup for any daemon really), you will not be able to
change owner of the file (there might be exceptions like Linux process
with CAP_CHOWN).

MK

On 3.11.2022 10:05, Rainer Gerhards via rsyslog wrote:
> specify the settings in the action() object. Doc:
>
> https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html
>
> side-note: I am not sure, but I think the legacy construct you quoted
> just changes the setting for the next output action. But I am too lazy
> to look this up, as it is not really relevant in this case. ;-)
>
> Rainer
>
> El jue, 3 nov 2022 a las 9:39, Alexander Birman via rsyslog
> (<rsyslog@lists.adiscon.com>) escribió:
>> Hello,
>>
>> I want to set non-default permission to the log file created for my service.
>>
>> - My service is started and named in
>> */etc/systemd/system/hive_manager.service.*
>> - Then, in */etc/rsyslog.d/hive_manager.conf* the name of the log is
>> defined by the following condition:
>>
>> *if $programname == 'hive_manager' then /home/pi/logs/hive_manager.log*
>>
>> - Finally, in */etc/rsyslog.conf * I have the following definitions:
>>
>> *#*
>> *# Set the default permissions for all log files.*
>> *#*
>> *$FileOwner root*
>> *$FileGroup adm*
>> *$FileCreateMode 0640*
>> *$DirCreateMode 0755*
>> *$Umask 0022*
>>
>> *# Include all config files in /etc/rsyslog.d/*
>> *#*
>> *$IncludeConfig /etc/rsyslog.d/*.conf*
>>
>>
>> Currently, the */home/pi/logs/hive_manager.log* is created under the root
>> permissions (the default). I need to configure its creation under different
>> user permissions.
>> How can I do it? I couldn't find any help with it in the relevant forums.
>>
>> Thanks a lot!
>>
>> Have a good day!
>>
>> Alexander Birman
>> +972-54-7556432
>> _______________________________________________
>> rsyslog mailing list
>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com/professional-services/
>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Managing log files permissions per file [ In reply to ]
Hi,

thanks for answering so quickly.
The link you gave me leads to the following example:

action(type="omfile" dirCreateMode="0700" FileCreateMode="0644"
File="/var/log/messages")

This example doesn't show how I can give full permissions to a user named,
for example, "dohnjoe".
If I can't give permissions to a specific user, global full permissions are
also good for me. Like *chmod 777*
But I don't understand the numbers in rsyslog permissions system... In my
case, what numbers should I write in *FileCreatorMode* so all users get
full access?

action(type="omfile" dirCreateMode="0700" FileCreateMode="*????*"
File="/home/pi/logs/hive_manager.log")


Have a good day!

Alexander Birman
+972-54-7556432


On Thu, Nov 3, 2022 at 11:05 AM Rainer Gerhards <rgerhards@hq.adiscon.com>
wrote:

> specify the settings in the action() object. Doc:
>
> https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html
>
> side-note: I am not sure, but I think the legacy construct you quoted
> just changes the setting for the next output action. But I am too lazy
> to look this up, as it is not really relevant in this case. ;-)
>
> Rainer
>
> El jue, 3 nov 2022 a las 9:39, Alexander Birman via rsyslog
> (<rsyslog@lists.adiscon.com>) escribió:
> >
> > Hello,
> >
> > I want to set non-default permission to the log file created for my
> service.
> >
> > - My service is started and named in
> > */etc/systemd/system/hive_manager.service.*
> > - Then, in */etc/rsyslog.d/hive_manager.conf* the name of the log is
> > defined by the following condition:
> >
> > *if $programname == 'hive_manager' then /home/pi/logs/hive_manager.log*
> >
> > - Finally, in */etc/rsyslog.conf * I have the following definitions:
> >
> > *#*
> > *# Set the default permissions for all log files.*
> > *#*
> > *$FileOwner root*
> > *$FileGroup adm*
> > *$FileCreateMode 0640*
> > *$DirCreateMode 0755*
> > *$Umask 0022*
> >
> > *# Include all config files in /etc/rsyslog.d/*
> > *#*
> > *$IncludeConfig /etc/rsyslog.d/*.conf*
> >
> >
> > Currently, the */home/pi/logs/hive_manager.log* is created under the root
> > permissions (the default). I need to configure its creation under
> different
> > user permissions.
> > How can I do it? I couldn't find any help with it in the relevant forums.
> >
> > Thanks a lot!
> >
> > Have a good day!
> >
> > Alexander Birman
> > +972-54-7556432
> > _______________________________________________
> > rsyslog mailing list
> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Managing log files permissions per file [ In reply to ]
For linux file permission system see e.g.
https://linuxize.com/post/understanding-linux-file-permissions/

you can set the owner of the file. But linux permissions does not give
you the capability to grant permissions to specific users.

Raienr

El jue, 3 nov 2022 a las 10:59, Alexander Birman
(<alexander@beewise.ag>) escribió:
>
> Hi,
>
> thanks for answering so quickly.
> The link you gave me leads to the following example:
>
> action(type="omfile" dirCreateMode="0700" FileCreateMode="0644"
> File="/var/log/messages")
>
> This example doesn't show how I can give full permissions to a user named, for example, "dohnjoe".
> If I can't give permissions to a specific user, global full permissions are also good for me. Like chmod 777
> But I don't understand the numbers in rsyslog permissions system... In my case, what numbers should I write in FileCreatorMode so all users get full access?
>
> action(type="omfile" dirCreateMode="0700" FileCreateMode="????"
> File="/home/pi/logs/hive_manager.log")
>
>
> Have a good day!
>
> Alexander Birman
> +972-54-7556432
>
>
> On Thu, Nov 3, 2022 at 11:05 AM Rainer Gerhards <rgerhards@hq.adiscon.com> wrote:
>>
>> specify the settings in the action() object. Doc:
>>
>> https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html
>>
>> side-note: I am not sure, but I think the legacy construct you quoted
>> just changes the setting for the next output action. But I am too lazy
>> to look this up, as it is not really relevant in this case. ;-)
>>
>> Rainer
>>
>> El jue, 3 nov 2022 a las 9:39, Alexander Birman via rsyslog
>> (<rsyslog@lists.adiscon.com>) escribió:
>> >
>> > Hello,
>> >
>> > I want to set non-default permission to the log file created for my service.
>> >
>> > - My service is started and named in
>> > */etc/systemd/system/hive_manager.service.*
>> > - Then, in */etc/rsyslog.d/hive_manager.conf* the name of the log is
>> > defined by the following condition:
>> >
>> > *if $programname == 'hive_manager' then /home/pi/logs/hive_manager.log*
>> >
>> > - Finally, in */etc/rsyslog.conf * I have the following definitions:
>> >
>> > *#*
>> > *# Set the default permissions for all log files.*
>> > *#*
>> > *$FileOwner root*
>> > *$FileGroup adm*
>> > *$FileCreateMode 0640*
>> > *$DirCreateMode 0755*
>> > *$Umask 0022*
>> >
>> > *# Include all config files in /etc/rsyslog.d/*
>> > *#*
>> > *$IncludeConfig /etc/rsyslog.d/*.conf*
>> >
>> >
>> > Currently, the */home/pi/logs/hive_manager.log* is created under the root
>> > permissions (the default). I need to configure its creation under different
>> > user permissions.
>> > How can I do it? I couldn't find any help with it in the relevant forums.
>> >
>> > Thanks a lot!
>> >
>> > Have a good day!
>> >
>> > Alexander Birman
>> > +972-54-7556432
>> > _______________________________________________
>> > rsyslog mailing list
>> > https://lists.adiscon.net/mailman/listinfo/rsyslog
>> > http://www.rsyslog.com/professional-services/
>> > What's up with rsyslog? Follow https://twitter.com/rgerhards
>> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Managing log files permissions per file [ In reply to ]
Thanks a lot!

Have a good day!

Alexander Birman
+972-54-7556432


On Thu, Nov 3, 2022 at 1:09 PM Rainer Gerhards <rgerhards@hq.adiscon.com>
wrote:

> For linux file permission system see e.g.
> https://linuxize.com/post/understanding-linux-file-permissions/
>
> you can set the owner of the file. But linux permissions does not give
> you the capability to grant permissions to specific users.
>
> Raienr
>
> El jue, 3 nov 2022 a las 10:59, Alexander Birman
> (<alexander@beewise.ag>) escribió:
> >
> > Hi,
> >
> > thanks for answering so quickly.
> > The link you gave me leads to the following example:
> >
> > action(type="omfile" dirCreateMode="0700" FileCreateMode="0644"
> > File="/var/log/messages")
> >
> > This example doesn't show how I can give full permissions to a user
> named, for example, "dohnjoe".
> > If I can't give permissions to a specific user, global full permissions
> are also good for me. Like chmod 777
> > But I don't understand the numbers in rsyslog permissions system... In
> my case, what numbers should I write in FileCreatorMode so all users get
> full access?
> >
> > action(type="omfile" dirCreateMode="0700" FileCreateMode="????"
> > File="/home/pi/logs/hive_manager.log")
> >
> >
> > Have a good day!
> >
> > Alexander Birman
> > +972-54-7556432
> >
> >
> > On Thu, Nov 3, 2022 at 11:05 AM Rainer Gerhards <
> rgerhards@hq.adiscon.com> wrote:
> >>
> >> specify the settings in the action() object. Doc:
> >>
> >> https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html
> >>
> >> side-note: I am not sure, but I think the legacy construct you quoted
> >> just changes the setting for the next output action. But I am too lazy
> >> to look this up, as it is not really relevant in this case. ;-)
> >>
> >> Rainer
> >>
> >> El jue, 3 nov 2022 a las 9:39, Alexander Birman via rsyslog
> >> (<rsyslog@lists.adiscon.com>) escribió:
> >> >
> >> > Hello,
> >> >
> >> > I want to set non-default permission to the log file created for my
> service.
> >> >
> >> > - My service is started and named in
> >> > */etc/systemd/system/hive_manager.service.*
> >> > - Then, in */etc/rsyslog.d/hive_manager.conf* the name of the log is
> >> > defined by the following condition:
> >> >
> >> > *if $programname == 'hive_manager' then
> /home/pi/logs/hive_manager.log*
> >> >
> >> > - Finally, in */etc/rsyslog.conf * I have the following definitions:
> >> >
> >> > *#*
> >> > *# Set the default permissions for all log files.*
> >> > *#*
> >> > *$FileOwner root*
> >> > *$FileGroup adm*
> >> > *$FileCreateMode 0640*
> >> > *$DirCreateMode 0755*
> >> > *$Umask 0022*
> >> >
> >> > *# Include all config files in /etc/rsyslog.d/*
> >> > *#*
> >> > *$IncludeConfig /etc/rsyslog.d/*.conf*
> >> >
> >> >
> >> > Currently, the */home/pi/logs/hive_manager.log* is created under the
> root
> >> > permissions (the default). I need to configure its creation under
> different
> >> > user permissions.
> >> > How can I do it? I couldn't find any help with it in the relevant
> forums.
> >> >
> >> > Thanks a lot!
> >> >
> >> > Have a good day!
> >> >
> >> > Alexander Birman
> >> > +972-54-7556432
> >> > _______________________________________________
> >> > rsyslog mailing list
> >> > https://lists.adiscon.net/mailman/listinfo/rsyslog
> >> > http://www.rsyslog.com/professional-services/
> >> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
> myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if
> you DON'T LIKE THAT.
>
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Managing log files permissions per file [ In reply to ]
In linux you can also fiddle with ACLs but I don't think that rsyslog
has direct support for managing them (why should it?). and the default
ACLs on directory are a bit confusing and are definitely not something
to dig into when one doesn't feel good with "normal" unix permissions.

On 3.11.2022 12:08, Rainer Gerhards via rsyslog wrote:
> For linux file permission system see e.g.
> https://linuxize.com/post/understanding-linux-file-permissions/
>
> you can set the owner of the file. But linux permissions does not give
> you the capability to grant permissions to specific users.
>
> Raienr
>
> El jue, 3 nov 2022 a las 10:59, Alexander Birman
> (<alexander@beewise.ag>) escribió:
>> Hi,
>>
>> thanks for answering so quickly.
>> The link you gave me leads to the following example:
>>
>> action(type="omfile" dirCreateMode="0700" FileCreateMode="0644"
>> File="/var/log/messages")
>>
>> This example doesn't show how I can give full permissions to a user named, for example, "dohnjoe".
>> If I can't give permissions to a specific user, global full permissions are also good for me. Like chmod 777
>> But I don't understand the numbers in rsyslog permissions system... In my case, what numbers should I write in FileCreatorMode so all users get full access?
>>
>> action(type="omfile" dirCreateMode="0700" FileCreateMode="????"
>> File="/home/pi/logs/hive_manager.log")
>>
>>
>> Have a good day!
>>
>> Alexander Birman
>> +972-54-7556432
>>
>>
>> On Thu, Nov 3, 2022 at 11:05 AM Rainer Gerhards <rgerhards@hq.adiscon.com> wrote:
>>> specify the settings in the action() object. Doc:
>>>
>>> https://www.rsyslog.com/doc/v8-stable/configuration/modules/omfile.html
>>>
>>> side-note: I am not sure, but I think the legacy construct you quoted
>>> just changes the setting for the next output action. But I am too lazy
>>> to look this up, as it is not really relevant in this case. ;-)
>>>
>>> Rainer
>>>
>>> El jue, 3 nov 2022 a las 9:39, Alexander Birman via rsyslog
>>> (<rsyslog@lists.adiscon.com>) escribió:
>>>> Hello,
>>>>
>>>> I want to set non-default permission to the log file created for my service.
>>>>
>>>> - My service is started and named in
>>>> */etc/systemd/system/hive_manager.service.*
>>>> - Then, in */etc/rsyslog.d/hive_manager.conf* the name of the log is
>>>> defined by the following condition:
>>>>
>>>> *if $programname == 'hive_manager' then /home/pi/logs/hive_manager.log*
>>>>
>>>> - Finally, in */etc/rsyslog.conf * I have the following definitions:
>>>>
>>>> *#*
>>>> *# Set the default permissions for all log files.*
>>>> *#*
>>>> *$FileOwner root*
>>>> *$FileGroup adm*
>>>> *$FileCreateMode 0640*
>>>> *$DirCreateMode 0755*
>>>> *$Umask 0022*
>>>>
>>>> *# Include all config files in /etc/rsyslog.d/*
>>>> *#*
>>>> *$IncludeConfig /etc/rsyslog.d/*.conf*
>>>>
>>>>
>>>> Currently, the */home/pi/logs/hive_manager.log* is created under the root
>>>> permissions (the default). I need to configure its creation under different
>>>> user permissions.
>>>> How can I do it? I couldn't find any help with it in the relevant forums.
>>>>
>>>> Thanks a lot!
>>>>
>>>> Have a good day!
>>>>
>>>> Alexander Birman
>>>> +972-54-7556432
>>>> _______________________________________________
>>>> rsyslog mailing list
>>>> https://lists.adiscon.net/mailman/listinfo/rsyslog
>>>> http://www.rsyslog.com/professional-services/
>>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.