User with access to logs



susehoush
05-Jun-2015, 09:16
Hello,

We want to create a new user with access to the logs of a sles11sp3 machine.

The log files in /var/log all belong to root:root, so standard users cannot read them.

Is there any way to create a non-root user to provide access to the logs?

thx,
hugo

mikewillis
05-Jun-2015, 09:55
> Hello,
>
> We want to create a new user with access to the logs of a sles11sp3 machine.
>
> The log files in /var/log all belong to root:root, so standard users cannot read them.
>
> Is there any way to create a non-root user to provide access to the logs?


If you want all non-root users to have access to the logs, simply add global read on everything in /var/log/.

If you want only a specific non-root user to have access, you could use access control lists. E.g. to give user mike read access to everything in /var/log (-R is recursive):


linux-pgyf:~ # getfacl /var/log/messages
getfacl: Removing leading '/' from absolute path names
# file: var/log/messages
# owner: root
# group: root
user::rw-
group::r--
other::---

linux-pgyf:~ # setfacl -R -m u:mike:-r /var/log/
linux-pgyf:~ # getfacl /var/log/messages
getfacl: Removing leading '/' from absolute path names
# file: var/log/messages
# owner: root
# group: root
user::rw-
user:mike:r--
group::r--
mask::r--
other::---

linux-pgyf:~ #