Sudo and limited rights
Anne Wilson
cannewilson at googlemail.com
Mon Oct 31 12:40:03 UTC 2011
On Monday 31 Oct 2011 12:33:14 Patrick Boutilier wrote:
> On 10/31/2011 09:27 AM, Anne Wilson wrote:
> > On Monday 31 Oct 2011 12:21:10 Patrick Boutilier wrote:
> >> On 10/31/2011 09:16 AM, Anne Wilson wrote:
> >>> On Monday 31 Oct 2011 10:40:12 Patrick Boutilier wrote:
> >>>> On 10/31/2011 07:33 AM, Anne Wilson wrote:
> >>>>> I'm fed up of having to be root to read log files when
> >>>>> troubleshooting. I'd like to add a sudo line that gives me read-only
> >>>>> rights to /var/log/ - is this possible? I've not found any example
> >>>>> of limted rights like that - and I don't want to allow write access
> >>>>> to anyone other than root.
> >>>>>
> >>>>> Anne
> >>>>
> >>>> Not really a KDE issue, but facl should work. $user will be your
> >>>> userid.
> >>>>
> >>>> setfacl -R -m u:$user:r /var/log/
> >>>>
> >>>>
> >>>>
> >>>>
> >>>> This one will give you access to newly created logs files without
> >>>> having to run the above again.
> >>>>
> >>>>
> >>>> setfacl -d -R -m u:$user:r /var/log/
> >>>
> >>> Thanks. Unfortunately it doesn't seem to work - kwrite still shows an
> >>> empty file even though I can see the size of it indicating that it is
> >>> quite big.
> >>>
> >>> Anne
> >>
> >> Which file in /var/log/ ?
> >>
> >> What does getfacl /var/log/<file> show?
> >
> > # file: var/log/dmesg
> > # owner: root
> > # group: root
> > user::rw-
> > user:anne:r--
> > group::r--
> > mask::r--
> > other::r--
> >
> >> Does this work from a prompt?
> >>
> >> tail /var/log/<file>
> >
> > tail /var/log/dmesg
> > -bash: /var/log/dmesg: Permission denied
> >
> > Anne
>
> Weird, you shouldn't even need to set a facl for /var/log/dmesg as other
> already has read access via normal unix permissions.
>
> other::r--
>
>
> What are the rights on /var and /var/log ?
>
> getfacl /var
> getfacl /var/log
>
[root at borg2 ~]# getfacl /var
getfacl: Removing leading '/' from absolute path names
# file: var
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
[root at borg2 ~]# getfacl /var/log
getfacl: Removing leading '/' from absolute path names
# file: var/log
# owner: root
# group: root
user::rwx
user:anne:r--
group::r-x
mask::r-x
other::r-x
Anne
--
New to KDE Software? Got some good hints and tips? - Welcome to
http://userbase.kde.org
More information about the kde
mailing list