some problem under the AIX6.1 system | Log collection solutions

#1 alexchen123 7 years ago

hello:

I find some problem under AIX6.1 system.

the log:

2017-03-21 14:02:41 WARNING additional group memberships couldn't be set because getgrouplist()and setgroups() are not available on this platform
2017-03-21 14:02:41 INFO nxlog-ce-2.8.1248 started
2017-03-21 14:02:41 ERROR failed to open /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied
2017-03-21 14:02:43 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied
2017-03-21 14:02:49 ERROR last message repeated 2 times
2017-03-21 14:02:57 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied
2017-03-21 14:03:13 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied
2017-03-21 14:03:45 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied
2017-03-21 14:04:50 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied

and i sccan the source code, find:

static void nxlog_set_groups(nxlog_t *nxlog, apr_uid_t uid)
{
gid_t grplist[100];
int ngroups = sizeof(grplist);
char *user;
apr_status_t rv;

if ( (rv = apr_uid_name_get(&user, uid, nxlog->pool)) != APR_SUCCESS )
{
   log_aprerror(rv, "couldn't resolve uid %d to name", uid);
   return;
}
#ifdef HAVE_GETGROUPLIST
# ifdef HAVE_SETGROUPS
if ( getgrouplist(user, getgid(), grplist, &ngroups) == -1 )
{
   log_error("couldn't get group membership for user %s (uid: %d), too many groups?", user, uid);
   return;
}
if ( setgroups((size_t) ngroups, grplist) != 0 )
{
   log_errno("couldn't get group membership for user %s (uid: %d), setgroups() failed",
       user, uid);
   return;
}
# else
log_warn("additional group memberships couldn't be set because getgrouplist()"
   "and setgroups() are not available on this platform");
# endif
#else
log_warn("additional group memberships couldn't be set because getgrouplist()"
   "and setgroups() are not available on this platform");
#endif

}

I don't what' wrong with this problem, thanks.

Permalink

#2 b0ti Nxlog ✓ 4 years ago

#1 alexchen123

hello: I find some problem under AIX6.1 system. the log: 2017-03-21 14:02:41 WARNING additional group memberships couldn't be set because getgrouplist()and setgroups() are not available on this platform 2017-03-21 14:02:41 INFO nxlog-ce-2.8.1248 started 2017-03-21 14:02:41 ERROR failed to open /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied 2017-03-21 14:02:43 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied 2017-03-21 14:02:49 ERROR last message repeated 2 times 2017-03-21 14:02:57 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied 2017-03-21 14:03:13 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied 2017-03-21 14:03:45 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied 2017-03-21 14:04:50 ERROR apr_stat failed on file /u01/app/oracle/diag/rdbms/testdb/testdb/trace/alert_testdb.log;Permission denied and i sccan the source code, find: static void nxlog_set_groups(nxlog_t *nxlog, apr_uid_t uid) { gid_t grplist[100]; int ngroups = sizeof(grplist); char *user; apr_status_t rv; if ( (rv = apr_uid_name_get(&user, uid, nxlog->pool)) != APR_SUCCESS ) { log_aprerror(rv, "couldn't resolve uid %d to name", uid); return; } #ifdef HAVE_GETGROUPLIST # ifdef HAVE_SETGROUPS if ( getgrouplist(user, getgid(), grplist, &ngroups) == -1 ) { log_error("couldn't get group membership for user %s (uid: %d), too many groups?", user, uid); return; } if ( setgroups((size_t) ngroups, grplist) != 0 ) { log_errno("couldn't get group membership for user %s (uid: %d), setgroups() failed", user, uid); return; } # else log_warn("additional group memberships couldn't be set because getgrouplist()" "and setgroups() are not available on this platform"); # endif #else log_warn("additional group memberships couldn't be set because getgrouplist()" "and setgroups() are not available on this platform"); #endif } I don't what' wrong with this problem, thanks.

When you are running nxlog under the user foo and foo is a member of the group bar then it won't be able to access files/directories that bar has access to. That's what the WARNING message is saying.