OT: allow ordinary user to read /var/log/audit/audit.log

James McKenzie jjmckenzie51 at gmail.com
Thu Jun 9 15:45:19 UTC 2011


On 6/9/11, Hiisi <hiisi at fedoraproject.org> wrote:
> Hi, list!
> Sorry for off-topic. I want to give certain users to execute some
> commands to configure web-server. Here's what I have in /etc/sudoers
> for user 'hospes':
> Cmnd_Alias HOSPES = /sbin/service, /sbin/chkconfig,
> /usr/sbin/setsebool, /sbin/restorecon, /usr/sbin/semanage,
> /usr/sbin/setenforce
> %hospes ALL=(root) sudoedit /etc/httpd/*
> %hospes ALL=(root) sudoedit /etc/hosts
> Next I would like to allow hospes to read /var/log/audit/audit.log. I
> don't want to allow him to edit this file but only to read (e.g. cat
> or grep). I don't want to change audit.log attributes. Any
> suggestions, please?
What group owns the log file.  It may be as simple as adding the group
to the sudoers file with the /var/log directory.


More information about the users mailing list