Rsyslog – Setting Read and Write Permissions for Group and Everyone

centos7rsyslogsyslog

Rsyslog ignores read and write permission set with fileCreateMode for group and everyone.

I have set up a service to run my node application as such:

...
[Service]
WorkingDirectory=/opt/demo/app
User=appuser
Type=simple
ExecStart=/usr/bin/node myapp.js demo
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=myapp
...

Then I setup a myapp.conf file in /etc/rsyslog.d/ like this

if ($programname == 'myapp') then {
    action(
        type="omfile"
        File="/opt/demo/app/app.log"
        fileCreateMode="0640"
        fileOwner="appuser"
        fileGroup="mygroup"
    )
    stop
}

The log file gets created with the correct user and group but with 0600 permissions instead of 0640.

If I change fileCreateMode to 0777 then the file gets created with 0711.

I am using default rsyslog.conf, rsyslog version is 8.24.0-41, OS is CentOS 7.7

rsyslogd -N 1 does not throw any errors

Best Answer

If your rsyslogd is being started by systemd then your service definition, /usr/lib/systemd/system/rsyslog.service, probably contains a UMask restiction:

UMask=0066

This breaks any config in the rsyslogd.conf relating to masks and modes.

Related Solutions

Centos – rsyslog-thesql on CentOS 5.3 does not have permission to access the thesql.sock

Woo!!

So I was very close with the semodule solution... It actually kind of worked but I'm not 100% sure why. I rebooted the server and reloaded the semodule out of frustration. selinux is enabled and I'm seeing system messages show up in the database.

Hopefully this will help someone else if they stumble across it. Good luck!

Linux – How to set up thesql storage for certain rsyslog input matches

I guess something along this should work. First, make sure you have the line below in your rsyslog conf file, so MySQL output module gets loaded:

$ModLoad ommysql

Then, filter the stuff you want like this:

:msg, contains, "Heroku"     :ommysql:dbserver,dbname,dbuser,dbpass;heroku-template

Next you need to create a template for your data, so rsyslog knows what and how to insert to your database. Here is an example template which only records date and message, and is excepting you to have a table with only two columns, date and message.

$template heroku-template, "INSERT INTO herokulog(date,message) VALUES ('%timestamp','%msg')\r\n", SQL

Something like this should work. Note that this was on the top of my head and not tested at all, but you get the idea. Much more detailed information can be found from rsyslog web site, for example the available template parameter values might interest you.

Best Answer

Related Solutions

Centos – rsyslog-thesql on CentOS 5.3 does not have permission to access the thesql.sock

Linux – How to set up thesql storage for certain rsyslog input matches

Related Topic