[clue-tech] syslog FIFO and Permission Denied
Kevin Fenzi
kevin at scrye.com
Wed Jul 27 12:25:38 MDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "William" == William <wlist-clue at kimballstuff.com> writes:
William> I manage my servers across the network via ssh, so I wasn't
William> seeing the error messages -- everything looked fine except
William> that my tool wasn't receiving any messages through the FIFO.
William> By an unrelated task, I noticed the errors on the monitor for
William> that box. Rough translation: syslogd is denied access to
William> /var/adm/my.fifo. I'd get a copy/paste of the exact error,
William> except that I don't know how to redirect the error output to
William> my terminal session and I won't be on location until later
William> tonight. Additionally, the errors are writing to the screen
William> as the system sits at the Linux login screen.
William> I have Googled around for FIFO permission problems, but
William> nothing useful turns up. I assume this is trivial, but I'm
William> unable to see anything visibly wrong with the FIFO
William> permissions.
William> Any ideas?
While it's impossible to say for sure without seeing the messages
(have you looked in /var/log/messages?), I suspect what you are seeing
is selinux in action. It's denying syslog to write to a file thats
probibly got the wrong security context to allow syslog to use it.
Several possible options:
- - Disable selinux in /etc/sysconfig/selinux. Of course then you don't
get it's protectons as well.
- - Use something like audit2allow and allow the specific things that
syslog needs to work with your pipe. As luck would have it, I wrote an
article on this very thing in the latest sysadmin magazine:
http://www.samag.com/documents/s=9820/sam0508a/0508a.htm
William> -- William Kimball, Jr. "Programming is an art-form that
William> fights back!" =)
kevin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>
iD8DBQFC59Fw3imCezTjY0ERAjAKAJkBZCrjT/L47l6RLLegIxtbYRowawCfQU3o
eWYlRNxkMZVnpAFRtreuptw=
=EkUJ
-----END PGP SIGNATURE-----
_______________________________________________
CLUE-tech mailing list
CLUE-tech at cluedenver.org
http://cluedenver.org/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list