Public bug reported: The Privilege Drop options ($PrivDrop*) in focal's rsyslog both point to 'syslog' for the user and group, and don't match the ownership/permission of '/dev/console' generating the following:
syslog:Aug 3 15:16:58 <HOSTNAME> rsyslogd: file '/dev/console': open error: Permission denied [v8.2001.0 try https://www.rsyslog.com/e/2433 ] Looking in Bionic/18.04LTS, '/dev/console' used to be root:syslog[1], nowadays it's root:tty[2] [1] - Bionic/18.04LTS (Gcloud instance) # ls -l /dev/console crw--w---- 1 root syslog 5, 1 Aug 3 15:17 /dev/console [2] - Focal/20.04LTS (Gcloud instance) # ls -l /dev/console crw--w---- 1 root tty 5, 1 Aug 3 17:19 /dev/console # /etc/rsyslog.conf $PrivDropToUser syslog $PrivDropToGroup syslog ** As a debug exercise I did the following: - Cannot reproduce the situation if I intentionally get rid of the PrivDrop* options. - Cannot reproduce the situation if I intentionally add 'syslog' user member of 'tty' group. Meaning that it's pretty obvious with the above statement that the permission denied is caused by the permission/ownership mismatch between '/dev/console' 's ownership permission & syslog user (PrivDropTo[User|Group]). Other bug: https://github.com/GoogleCloudPlatform/compute-image-packages/issues/889 ** Affects: rsyslog (Ubuntu) Importance: Undecided Status: New ** Affects: rsyslog (Ubuntu Focal) Importance: Undecided Status: New ** Tags: seg sts ** Tags added: seg sts ** Also affects: rsyslog (Ubuntu Focal) Importance: Undecided Status: New ** Description changed: The Privilege Drop options ($PrivDrop*) in focal's rsyslog both point to 'syslog' for the user and group, and don't match the ownership/permission of '/dev/console' generating the following: syslog:Aug 3 15:16:58 <HOSTNAME> rsyslogd: file '/dev/console': open error: Permission denied [v8.2001.0 try https://www.rsyslog.com/e/2433 ] Looking in Bionic/18.04LTS, '/dev/console' used to be root:syslog[1], nowadays it's root:tty[2] [1] - Bionic/18.04LTS (Gcloud instance) # ls -l /dev/console crw--w---- 1 root syslog 5, 1 Aug 3 15:17 /dev/console [2] - Focal/20.04LTS (Gcloud instance) - # ls -l /dev/console + # ls -l /dev/console crw--w---- 1 root tty 5, 1 Aug 3 17:19 /dev/console - # /etc/rsyslog.conf $PrivDropToUser syslog $PrivDropToGroup syslog ** As a debug exercise I did the following: - Cannot reproduce the situation if I intentionally get rid of the PrivDrop* options. - Cannot reproduce the situation if I intentionally add 'syslog' user member of 'tty' group. + Meaning that it's pretty obvious with the above statement that the + permission denied is caused by the permission/ownership mismatch between + '/dev/console' 's ownership permission & syslog user + (PrivDropTo[User|Group]). + Other bug: https://github.com/GoogleCloudPlatform/compute-image-packages/issues/889 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1890177 Title: rsyslogd: file '/dev/console': open error: Permission denied To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1890177/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
