Installation of syslog-ng results in Permission denied (13) errors

Bug #701671 reported by John Kounis on 2011-01-11
76
This bug affects 15 people
Affects Status Importance Assigned to Milestone
syslog-ng (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: syslog-ng

System: Ubuntu 10.10 Maverick
Package syslog-ng Version: 3.1.2-1

After installing syslog-ng (sudo apt-get install syslog-ng), the file /var/log/error filled up with the following errors:

Jan 11 10:49:33 pgfs syslog-ng[3363]: Error opening file for writing; filename='/var/log/syslog', error='Permission denied (13)'
Jan 11 10:49:33 pgfs syslog-ng[3363]: Error opening file for writing; filename='/var/log/messages', error='Permission denied (13)'
Jan 11 10:49:44 pgfs syslog-ng[3363]: Error opening file for writing; filename='/var/log/auth.log', error='Permission denied (13)'
Jan 11 10:49:44 pgfs syslog-ng[3363]: Error opening file for writing; filename='/var/log/auth.log', error='Permission denied (13)'
Jan 11 10:49:44 pgfs syslog-ng[3363]: Error opening file for writing; filename='/var/log/syslog', error='Permission denied (13)'
Jan 11 10:49:44 pgfs syslog-ng[3363]: Error opening file for writing; filename='/var/log/syslog', error='Permission denied (13)'

The reason is that syslogd ran as user: syslog group: adm, but syslog-ng runs as user: root group:adm.

There are two solutions I can suggest:

(1) Change the option owner("root") to owner("syslog") in the file /etc/syslog-ng/syslog-ng.conf distributed as part of the package.

(2) Have the installation procedure execute "chown root.adm" for all logs listed as destinations in syslog-ng.conf.

There is one thing I'm confused about: Since syslog-ng runs as "root" instead of "sysadm," why is it getting "Permission denied" errors? I thought root shouldn't get those errors.

Kaltsi (kaltsi) wrote :

Please update syslog-ng packege in backport to version syslog-ng 3.1.3-3.

http://packages.qa.debian.org/s/syslog-ng/news/20110201T193207Z.html

The version syslog-ng 3.1.2-1 contains more bugs.

Thx

Adam Nelson (adam-varud) wrote :

This is a huge problem - it effectively makes syslog-ng unfit for use.

Adam Nelson (adam-varud) wrote :

I've tried setting option #1, which does not work. This was my quickfix from /var/log:

sudo chown --from=syslog root *

Gordon Reyburn (greyburn) wrote :

I got this working by doing the following:

1) As the OP said, "Change the option owner("root") to owner("syslog") in the file /etc/syslog-ng/syslog-ng.conf distributed as part of the package.". Not sure this actually does anything, certainly doesn't start the process as "syslog" but it may be used for writing files.

2) Change the SYSLOGNG_OPTS="" in /etc/init.d/syslog-ng to read : SYSLOGNG_OPTS="-u syslog -g adm"

3) Change the pid location specified in /etc/init.d/syslog-ng FROM /var/run/syslog-ng.pid TO /var/run/syslog-ng/syslog-ng.pid

4) /var/run/syslog-ng/ was already created by the syslog-ng package, which is a little odd given the default config doesn't use it. You will need to fix the permissions of this dir so the syslog user can write to it. 'chown syslog:adm /var/run/syslog-ng'

5) make sure all log files referenced by your syslog-ng config (/etc/syslog-ng/syslog-ng.conf) are owned by syslog:adm. Do not chown the whole directory or you will have problems.

5) restart syslog-ng

6) sleep better knowing syslog is no longer running as root :)

Changed in syslog-ng (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers