Bug#873062: /var/log/ulogd not accesible using sudo
Control: tags -1 moreinfo On 24/08/2017 08:44, Arturo Borrero Gonzalez wrote: > Dear Maintainer, > > the ulogd2 package creates /var/log/ulogd upon installation for logs to be > there. > > Problem is that with the default permissions, this directory is not available > for users using 'sudo', i.e. this is not possible: > > % sudo tailf -f /var/log/ulogd/mylog.log > > We should change user/group/permissions of this directory to easy system > administration. > Probably simply "chmod -R go+rx" is enough. Hi Arturo, The directory created by the ulogd2 package in Debian is /var/log/ulog, rather than /var/log/ulogd. I will assume this is a typo on your bug report rather than you using a different directory. The sudo with tail should work just fine, but I assume the issue is you can't see within the ulogd directory in order to tab-complete the file names. Is my assumption correct? Either way, my understanding is that the most efficient way to grant users read access to log files is by adding them to the 'adm' group. You will find the /var/log/ulog directory has 'adm' group ownership and r-x group permissions, and files within should also be readable by the adm group: the logrotate job rotates *.log and *.pcap in there and creates empty files with adm group ownership and read privileges. On my systems with a fairly stock ulogd.conf the permissions look like this: drwxr-x--- 2 ulog adm4096 Aug 21 06:25 /var/log/ulog/ -rw-r- 1 ulog adm 2315797 Aug 24 08:56 /var/log/ulog/syslogemu.log Is this not what you are seeing on your ulogd installations? Regards, Chris -- Chris Boot bo...@debian.org GPG: 8467 53CB 1921 3142 C56D C918 F5C8 3C05 D9CE
Bug#873062: /var/log/ulogd not accesible using sudo
On 24 August 2017 at 09:59, Chris Bootwrote: > > The directory created by the ulogd2 package in Debian is /var/log/ulog, > rather than /var/log/ulogd. I will assume this is a typo on your bug > report rather than you using a different directory. yes. > > The sudo with tail should work just fine, but I assume the issue is you > can't see within the ulogd directory in order to tab-complete the file > names. Is my assumption correct? > yes :-/ > Either way, my understanding is that the most efficient way to grant > users read access to log files is by adding them to the 'adm' group. You > will find the /var/log/ulog directory has 'adm' group ownership and r-x > group permissions, and files within should also be readable by the adm > group: the logrotate job rotates *.log and *.pcap in there and creates > empty files with adm group ownership and read privileges. > Great, Chris. Fair enough, you are right :-) Closing this bug now. Sorry for the noise.
Bug#873062:
I think this is basically asking for the opposite of #846843 [0]. What is the point on disallowing root access using sudo? [0] https://bugs.debian.org/846843
Bug#873062: /var/log/ulogd not accesible using sudo
Package: ulogd2 Version: 2.0.5-5 Severity: normal Dear Maintainer, the ulogd2 package creates /var/log/ulogd upon installation for logs to be there. Problem is that with the default permissions, this directory is not available for users using 'sudo', i.e. this is not possible: % sudo tailf -f /var/log/ulogd/mylog.log We should change user/group/permissions of this directory to easy system administration. Probably simply "chmod -R go+rx" is enough. I could try to patch this myself.