Use this documentation with care! It describes
the heavily outdated version 5, which was actively
developed around 2010 and is considered dead by the
rsyslog team for many years now.
This documentation reflects the latest update of the previously existing (now removed) v5-stable branch. It describes the 5.10.2 version, which was never released. As such, it contains some content that does not apply to any released version.
To obtain the doc that properly matches your installed v5 version, obtain the doc set from your distro. Each version of rsyslog contained the version that exactly matches it.
As general advise, it is strongly suggested to upgrade to the current version supported by the rsyslog project. The current version can always be found on the right-hand side info box on the rsyslog web site.
Note that there is no rsyslog community support available for this heavily outdated version. If you need to stick with it, please ask your distribution for support.
Dropping privileges in rsyslog¶
Available since: 4.1.1
Rsyslogd provides the ability to drop privileges by impersonating as another user and/or group after startup.
Please note that due to POSIX standards, rsyslogd always needs to start up as root if there is a listener who must bind to a network port below 1024. For example, the UDP listener usually needs to listen to 514 and as such rsyslogd needs to start up as root.
If you do not need this functionality, you can start rsyslog directly as an ordinary user. That is probably the safest way of operations. However, if a startup as root is required, you can use the $PrivDropToGroup and $PrivDropToUser config directives to specify a group and/or user that rsyslogd should drop to after initialization. Once this happend, the daemon runs without high privileges (depending, of course, on the permissions of the user account you specified).
There is some additional information available in the rsyslog wiki.
- $PrivDropToUser Name of the user rsyslog should run under after startup. Please note that this user is looked up in the system tables. If the lookup fails, privileges are NOT dropped. Thus it is advisable to use the less convenient $PrivDropToUserID directive. If the user id can be looked up, but can not be set, rsyslog aborts.
- $PrivDropToUserID Much the same as $PrivDropToUser, except that a numerical user id instead of a name is specified.Thus, privilege drop will always happen. rsyslogd aborts.
- $PrivDropToGroup Name of the group rsyslog should run under after startup. Please note that this user is looked up in the system tables. If the lookup fails, privileges are NOT dropped. Thus it is advisable to use the less convenient $PrivDropToGroupID directive. Note that all supplementary groups are removed from the process if $PrivDropToGroup is specified. If the group id can be looked up, but can not be set, rsyslog aborts.
- $PrivDropToGroupID Much the same as $PrivDropToGroup, except that a numerical group id instead of a name is specified. Thus, privilege drop will always happen.