Gentoo Forums
Syslog-ng and ACL's
jesterspet
Apprentice


Joined: 05 Feb 2003
Posts: 215
Location: Atlanta

Posted: Tue Jul 09, 2013 4:50 pm    Post subject: Syslog-ng and ACL's

I would like to add read permissions for a user account (not root) to the /var/log/messages file using ACLs.
This would be trivial with setfacl if the log file did not rotate.

I am unable to locate a way to have syslog-ng create the file with the correct permissions.

Does anyone know how to get syslog-ng to create log files with ACL entries :?:
_________________
(X) Yes! I am a brain damaged lemur on crack, and would like to buy your software package for $499.95
Bones McCracker
Veteran


Joined: 14 Mar 2006
Posts: 1611
Location: U.S.A.

Posted: Wed Jul 10, 2013 1:52 pm

Not offhand, but one way around this would be to have logrotate truncate the file instead of re-creating it.
_________________
patrix_neo wrote:
The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it.
jesterspet
Apprentice


Joined: 05 Feb 2003
Posts: 215
Location: Atlanta

Posted: Tue Jul 16, 2013 4:57 pm

True, but that means no more log rotation for me :(

I'd like to be able to rotate my log files & be able to grant read permissions to individual users and groups to root owned files without affecting the normal operation of the system.

It would seem that the solution I am looking for is going to have to be a cron job that checks the ACLs and evaluates if they are present and correct, & if not, applies them to the specified file. This is less than ideal, but I don't see another solution.
_________________
(X) Yes! I am a brain damaged lemur on crack, and would like to buy your software package for $499.95
Bones McCracker
Veteran


Joined: 14 Mar 2006
Posts: 1611
Location: U.S.A.

Posted: Tue Jul 16, 2013 5:28 pm

jesterspet wrote:
True, but that means no more log rotation for me :(

I'd like to be able to rotate my log files & be able to grant read permissions to individual users and groups to root owned files without affecting the normal operation of the system.

It would seem that the solution I am looking for is going to have to be a cron job that checks the ACLs and evaluates if they are present and correct, & if not, applies them to the specified file. This is less than ideal, but I don't see another solution.

You can still do that. Truncation just means that logrotate leaves the original file there and deletes its contents, instead of moving the file somewhere else and creating a new one. See the logrotate man page.

You may find better ways of dealing with it, though; that's just what came to mind.
_________________
patrix_neo wrote:
The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it.
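
Added example, not part of any post in this thread: a logrotate stanza for the truncation approach described in the last reply, with the move-and-recreate alternative shown commented out. The account name `logreader`, the config file path, the rotation schedule and the reload command are assumptions.

```conf
# /etc/logrotate.d/syslog-ng  (added example; path, schedule and names are assumptions)
#
# One-time setup as root; "logreader" is a hypothetical account:
#   setfacl -m u:logreader:r /var/log/messages
#   getfacl /var/log/messages      # expect a user:logreader:r-- entry

/var/log/messages {
    weekly
    rotate 4
    missingok
    notifempty
    compress
    delaycompress
    # Copy the log to messages.1, then truncate the original in place.
    # The file syslog-ng has open is never replaced, so the ACL entry set
    # above stays on it and the daemon does not have to reopen anything.
    # Caveat from logrotate(8): lines written between the copy and the
    # truncate can be lost.
    copytruncate
}

# Alternative if losing lines in that window is not acceptable: keep the
# default move-and-recreate rotation and re-apply the ACL after each
# rotation. Use this INSTEAD of the stanza above, not alongside it.
#
# /var/log/messages {
#     weekly
#     rotate 4
#     missingok
#     notifempty
#     create 0640 root root
#     sharedscripts
#     postrotate
#         # Assumed OpenRC reload command so syslog-ng reopens the new file
#         /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
#         setfacl -m u:logreader:r /var/log/messages
#     endscript
# }
```

After a rotation or a syslog-ng restart, run `getfacl /var/log/messages` again: a chmod on the file rewrites the ACL mask, and getfacl marks an entry the mask blocks with `#effective:---`.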