Thanks David, I will go down the SELinux rabbithole since we are CentOS. Just weird it broke seemingly out of the blue.
On Mon, Apr 25, 2022 at 10:10 AM David Lang <da...@lang.hm> wrote: > if you can write to the file as yourself and root and set the permissions > to > 777, then it's going to be selinux/Apparmor that's blocking you. It's not > uncommon for processes to get different permissions at startup than if > your run > them as root (in theory this adds security in that it limits the damage > that can > be done if the service has a bug, in practice, if the purpose of the > system is > to run that particular service, there's nothing else interesting on the > system, > so it doesn't help) > > there was a post earlier on good ways to troubleshoot selinux problems > > Redhat uses SELinux, Ubuntu uses AppArmor. > > David Lang > > On Mon, 25 Apr 2022, Mike Michael via rsyslog wrote: > > > Date: Mon, 25 Apr 2022 09:47:21 -0400 > > From: Mike Michael via rsyslog <rsyslog@lists.adiscon.com> > > Reply-To: mike.mich...@dominionenterprises.com, > > rsyslog-users <rsyslog@lists.adiscon.com> > > To: rsyslog-users <rsyslog@lists.adiscon.com> > > Cc: Mike Michael <mike.mich...@dominionenterprises.com> > > Subject: Re: [rsyslog] Could not open dynamic file/Permission denied > > > > Thank you for all the replies! So I opened the dir in question to 777 and > > still errors. I can manually create a dir and file as myself and as root > > (presuming rsyslog runs as root, I did not see a specification in the > conf > > file otherwise). I have also removed the $PrivDropTo lines because they > > were not present originally, added in troubleshooting. So this system has > > been running for like 3 years, the person that set it up left 2 years > ago, > > and it has just been running. We noticed the issues in March, but it has > > not been a real priority, but we do need to get it working again. And no > > changes have been made, aside from troubleshooting, nobody logs in this > > instance. I looked for any sort of changes at all on any systems around > the > > time this started not logging, and we have nothing listed. > > > > ● rsyslog.service - System Logging Service > > Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; > vendor > > preset: enabled) > > Active: active (running) since Mon 2022-04-25 09:22:03 EDT; 28s ago > > Docs: man:rsyslogd(8) > > http://www.rsyslog.com/doc/ > > Main PID: 8194 (rsyslogd) > > CGroup: /system.slice/rsyslog.service > > └─8194 /usr/sbin/rsyslogd -n > > > > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file > > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2] > > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent > > directories for file 'Permission denied' failed...7_9.2] > > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file > > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2] > > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent > > directories for file 'Permission denied' failed...7_9.2] > > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file > > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2] > > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent > > directories for file 'Permission denied' failed...7_9.2] > > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file > > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2] > > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent > > directories for file 'Permission denied' failed...7_9.2] > > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: Could not open dynamic file > > '/rsyslog_DIR/orf-syslog/2022/04/2022-04-25....7_9.2] > > Apr 25 09:22:26 orf-syslog rsyslogd[8194]: omfile: creating parent > > directories for file 'Permission denied' failed...7_9.2] > > Hint: Some lines were ellipsized, use -l to show in full. > > > > The directory in question > > drwxrwxrwx. 35 root root 28672 Nov 4 12:08 rsyslog_DIR > > > > > > On Thu, Apr 21, 2022 at 2:07 AM Rainer Gerhards via rsyslog < > > rsyslog@lists.adiscon.com> wrote: > > > >> I would suggest to sudo -i into the user in question and manually try to > >> create the same file. It will most probably give you the same problem > (if > >> it is a permission issue). Else it's selinux or friends. > >> > >> Rainer > >> > >> Sent from phone, thus brief. > >> > >> David Lang via rsyslog <rsyslog@lists.adiscon.com> schrieb am Mi., 20. > >> Apr. > >> 2022, 22:59: > >> > >> > since you just added the permission changes to the rsyslog config, > they > >> > are > >> > almost certain to be the cause of the grief. > >> > > >> > the standard unix permissions of the directory look good, I don't know > >> > your > >> > system enough to say if the SELinux permissions are good or not > >> (hopefully > >> > someone else can comment on those) > >> > > >> > are you possibly trying to write to files that were created with an > >> > earlier > >> > config and so while the directory would give you permission to create > a > >> > new > >> > file, the existing file has permissions that would block you? > >> > > >> > This is not anything specific to rsyslog, this is plain admin stuff to > >> > track > >> > down what's wrong with the permissions and fix it. > >> > > >> > David Lang > >> > > >> > On Wed, 20 Apr 2022, Mike Michael wrote: > >> > > >> > > Date: Wed, 20 Apr 2022 16:52:05 -0400 > >> > > From: Mike Michael <mike.mich...@dominionenterprises.com> > >> > > To: David Lang <da...@lang.hm> > >> > > Cc: rsyslog-users <rsyslog@lists.adiscon.com> > >> > > Subject: Re: [rsyslog] Could not open dynamic file/Permission denied > >> > > > >> > >> > >> > >> This is the directory. I think this is what you mean? DIS is the > group > >> > > listed as [ADMN GRP] previously. Thank you for looking at thism, > again > >> > > first experience with rsyslog and was inherited. > >> > > > >> > > > >> > > drwxrwxrwx. root DIS system_u:object_r:nfs_t:s0 rsyslog_DIR > >> > > > >> > _______________________________________________ > >> > rsyslog mailing list > >> > https://lists.adiscon.net/mailman/listinfo/rsyslog > >> > http://www.rsyslog.com/professional-services/ > >> > What's up with rsyslog? Follow https://twitter.com/rgerhards > >> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a > myriad > >> > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> > DON'T LIKE THAT. > >> > > >> _______________________________________________ > >> rsyslog mailing list > >> https://lists.adiscon.net/mailman/listinfo/rsyslog > >> http://www.rsyslog.com/professional-services/ > >> What's up with rsyslog? Follow https://twitter.com/rgerhards > >> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > >> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >> DON'T LIKE THAT. > >> > > _______________________________________________ > > rsyslog mailing list > > https://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
