Sudo and limited rights

Patrick Boutilier boutilpj at ednet.ns.ca
Mon Oct 31 12:33:14 UTC 2011


On 10/31/2011 09:27 AM, Anne Wilson wrote:
> On Monday 31 Oct 2011 12:21:10 Patrick Boutilier wrote:
>> On 10/31/2011 09:16 AM, Anne Wilson wrote:
>>> On Monday 31 Oct 2011 10:40:12 Patrick Boutilier wrote:
>>>> On 10/31/2011 07:33 AM, Anne Wilson wrote:
>>>>> I'm fed up of having to be root to read log files when troubleshooting.
>>>>> I'd like to add a sudo line that gives me read-only rights to /var/log/
>>>>> - is this possible?  I've not found any example of limited rights like
>>>>> that - and I don't want to allow write access to anyone other than
>>>>> root.
>>>>>
>>>>> Anne
>>>>
>>>> Not really a KDE issue, but facl should work. $user will be your userid.
>>>>
>>>> setfacl -R -m u:$user:r /var/log/
>>>>
>>>>
>>>>
>>>>
>>>> This one will give you access to newly created log files without having
>>>> to run the above again.
>>>>
>>>>
>>>> setfacl -d -R -m u:$user:r /var/log/
>>>
>>> Thanks.  Unfortunately it doesn't seem to work - kwrite still shows an
>>> empty file even though I can see the size of it indicating that it is
>>> quite big.
>>>
>>> Anne
>>
>> Which file in /var/log/ ?
>>
>> What does getfacl /var/log/<file>  show?
>>
> # file: var/log/dmesg
> # owner: root
> # group: root
> user::rw-
> user:anne:r--
> group::r--
> mask::r--
> other::r--
>
>>
>> Does this work from a prompt?
>>
>> tail /var/log/<file>
>>
> tail /var/log/dmesg
> -bash: /var/log/dmesg: Permission denied
>
> Anne

Weird, you shouldn't even need to set a facl for /var/log/dmesg as other 
already has read access via normal unix permissions.

other::r--


What are the rights on /var and /var/log ?

getfacl /var
getfacl /var/log
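
An added example, not part of the original message: a small evaluator for the POSIX ACL access check run over getfacl output, showing why the rights on each parent directory matter and how a named-user entry is used instead of `other`. The /var/log ACL is constructed, assuming a root:root 0755 directory after the recursive setfacl quoted above; the function names are hypothetical.

```python
# Constructed getfacl output (not from the thread): what
# `setfacl -R -m u:anne:r /var/log/` would leave on a 0755 root:root directory.
VAR_LOG = ("# file: var/log\n# owner: root\n# group: root\n"
           "user::rwx\nuser:anne:r--\ngroup::r-x\nmask::r-x\nother::r-x\n")
# getfacl output for the file, as quoted in the thread.
DMESG = ("# file: var/log/dmesg\n# owner: root\n# group: root\n"
         "user::rw-\nuser:anne:r--\ngroup::r--\nmask::r--\nother::r--\n")

def parse(text):
    """Return (owner, owning_group, [(tag, qualifier, perms), ...])."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qual, perms = line.split(":")[:3]
            entries.append((tag, qual, set(perms[:3]) - {"-"}))
    return owner, group, entries

def allows(text, user, want, groups=()):
    """POSIX ACL check: the first matching class decides, later ones are ignored."""
    owner, ogroup, entries = parse(text)
    want = set(want)
    get = lambda tag, q="": [p for t, qq, p in entries if t == tag and qq == q]
    mask = (get("mask") or [set("rwx")])[0]      # no mask entry: nothing masked
    if user == owner:
        return want <= get("user")[0]
    if get("user", user):                        # named user, limited by mask
        return want <= (get("user", user)[0] & mask)
    matched = [p & mask for t, q, p in entries if t == "group"
               and (q in groups or (q == "" and ogroup in groups))]
    if matched:                                  # one matching group must suffice
        return any(want <= p for p in matched)
    return want <= get("other")[0]

def first_blocker(acls, user, groups=()):
    """acls: getfacl text for each directory on the path, then the file.
    Returns the name of the first component that denies access, or None."""
    for i, acl in enumerate(acls):
        need = "r" if i == len(acls) - 1 else "x"   # search dirs, read the file
        if not allows(acl, user, need, groups):
            return acl.splitlines()[0].split(":", 1)[1].strip()
    return None
```

With these inputs, `first_blocker([VAR_LOG, DMESG], "anne")` names `var/log`, while a user with no named entry falls through to `other` and passes.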


