On 10/31/2011 09:27 AM, Anne Wilson wrote:
On Monday 31 Oct 2011 12:21:10 Patrick Boutilier wrote:
> On 10/31/2011 09:16 AM, Anne Wilson wrote:
>> On Monday 31 Oct 2011 10:40:12 Patrick Boutilier wrote:
>>> On 10/31/2011 07:33 AM, Anne Wilson wrote:
>>>> I'm fed up of having to be root to read log files when
troubleshooting.
>>>> I'd like to add a sudo line that gives me read-only rights to
/var/log/
>>>> - is this possible? I've not found any example of limted rights
like
>>>> that - and I don't want to allow write access to anyone other than
>>>> root.
>>>>
>>>> Anne
>>>
>>> Not really a KDE issue, but facl should work. $user will be your userid.
>>>
>>> setfacl -R -m u:$user:r /var/log/
>>>
>>>
>>>
>>>
>>> This one will give you access to newly created logs files without having
>>> to run the above again.
>>>
>>>
>>> setfacl -d -R -m u:$user:r /var/log/
>>
>> Thanks. Unfortunately it doesn't seem to work - kwrite still shows an
>> empty file even though I can see the size of it indicating that it is
>> quite big.
>>
>> Anne
>
> Which file in /var/log/ ?
>
> What does getfacl /var/log/<file> show?
>
# file: var/log/dmesg
# owner: root
# group: root
user::rw-
user:anne:r--
group::r--
mask::r--
other::r--
>
> Does this work from a prompt?
>
> tail /var/log/<file>
>
tail /var/log/dmesg
-bash: /var/log/dmesg: Permission denied
Anne
Weird, you shouldn't even need to set a facl for /var/log/dmesg as other
already has read access via normal unix permissions.
other::r--
What are the rights on /var and /var/log ?
getfacl /var
getfacl /var/log