2012/6/21 Arno Gaboury <arnaud.gaboury@xxxxxxxxx>:
> Dear all,
>
> as I was configuring a conky window on my desktop, I decided to add some
> precisions and tips for configuring the *.conkyrc* file in the Arch WIKI.
>
> Reading any /var/log file needs to be root, thus making difficult to run any
> home config file with read access to log files. My turnaround is to
> *$chown root:log /var/log* then *$usermod -aG log username*.
> Security wise, I do not know if this can bring serious potential breach in
> the system. If yes, please tell me as I will NOT let this turnaround in the
> WIKI.
> What would be a safer solution to read the log files in my conky window?
>
> Regards.
>
> **
>
Hello,
The default syslog-ng configuration is set up so that users in the
group 'log' can read the files:
# /etc/syslog-ng/syslog-ng.conf
options {
...
perm(0640);
group("log");
};
If you're using something else, then you could try to configure it to
do the same.
I think that security-wise using a group for this is the perfect
approach because you can control who exactly can access the logs.
Csaba
