Re: Sudo and limited rights

[Patrick Boutilier <boutilpj@xxxxxxxxxxx>]

On 10/31/2011 09:40 AM, Anne Wilson wrote:
> On Monday 31 Oct 2011 12:33:14 Patrick Boutilier wrote:
> > On 10/31/2011 09:27 AM, Anne Wilson wrote:
> > > On Monday 31 Oct 2011 12:21:10 Patrick Boutilier wrote:
> > > > On 10/31/2011 09:16 AM, Anne Wilson wrote:
> > > > > On Monday 31 Oct 2011 10:40:12 Patrick Boutilier wrote:
> > > > > > On 10/31/2011 07:33 AM, Anne Wilson wrote:
> > > > > > > I'm fed up of having to be root to read log files when
> > > > > > > troubleshooting. I'd like to add a sudo line that gives me read-only
> > > > > > > rights to /var/log/ - is this possible?  I've not found any example
> > > > > > > of limted rights like that - and I don't want to allow write access
> > > > > > > to anyone other than root.
> > > > > > >
> > > > > > > Anne
> > > > > >
> > > > > > Not really a KDE issue, but facl should work. $user will be your
> > > > > > userid.
> > > > > >
> > > > > > setfacl -R -m u:$user:r /var/log/
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > This one will give you access to newly created logs files without
> > > > > > having to run the above again.
> > > > > >
> > > > > >
> > > > > > setfacl -d -R -m u:$user:r /var/log/
> > > > >
> > > > > Thanks.  Unfortunately it doesn't seem to work - kwrite still shows an
> > > > > empty file even though I can see the size of it indicating that it is
> > > > > quite big.
> > > > >
> > > > > Anne
> > > >
> > > > Which file in /var/log/ ?
> > > >
> > > > What does getfacl /var/log/<file>   show?
> > >
> > > # file: var/log/dmesg
> > > # owner: root
> > > # group: root
> > > user::rw-
> > > user:anne:r--
> > > group::r--
> > > mask::r--
> > > other::r--
> > >
> > > > Does this work from a prompt?
> > > >
> > > > tail /var/log/<file>
> > >
> > > tail /var/log/dmesg
> > > -bash: /var/log/dmesg: Permission denied
> > >
> > > Anne
> >
> > Weird, you shouldn't even need to set a facl for /var/log/dmesg as other
> > already has read access via normal unix permissions.
> >
> > other::r--
> >
> >
> > What are the rights on /var and /var/log ?
> >
> > getfacl /var
> > getfacl /var/log
> [root@borg2 ~]# getfacl /var
> getfacl: Removing leading '/' from absolute path names
> # file: var
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
>
> [root@borg2 ~]# getfacl /var/log
> getfacl: Removing leading '/' from absolute path names
> # file: var/log
> # owner: root
> # group: root
> user::rwx
> user:anne:r--
> group::r-x
> mask::r-x
> other::r-x
>
> Anne

Weird. Directories have rx for "other" and the the file has r for 
"other". Anybody should be able to read /var/log/dmesg.
begin:vcard
fn:Patrick Boutilier
n:Boutilier;Patrick
org:;Nova Scotia Department of Education
adr:;;2021 Brunswick Street;Halifax;NS;B3K 2Y5;Canada
email;internet:boutilpj@xxxxxxxxxxx
title:WAN Communications Specialist
tel;work:902-424-6800
tel;fax:902-424-0874
version:2.1
end:vcard

_______________________________________________
kde mailing list
kde@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kde
New to KDE4? - get help from http://userbase.kde.org