http://bugzilla.opensuse.org/show_bug.cgi?id=1178154

            Bug ID: 1178154
           Summary: Make reading audit.log as non-root easier
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Enhancement
          Priority: P5 - None
         Component: Security
          Assignee: security-team@suse.de
          Reporter: suse-beta@cboltz.de
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

Currently /var/log/audit/audit.log is only readable for root:

drwx------ 1 root root 322 25. Okt 21:06 /var/log/audit/
-rw------- 1 root root 1815972 26. Okt 22:23 /var/log/audit/audit.log

However, there are use cases where users would benefit from being able to
read the audit.log, for example desktop notifications for AppArmor denials
(with aa-notify -p, which currently needs sudo).

Would it be possible to introduce a group "audit" and change the permissions
to

drwxr-x--- 1 root audit 322 25. Okt 21:06 /var/log/audit/
-rw-r----- 1 root audit 1815972 26. Okt 22:23 /var/log/audit/audit.log
    ^^^           ^^^^^

With that, users who want to use aa-notify -p could be added to the "audit"
group instead of needing sudo permissions.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
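
The change proposed above, sketched as an added example that is not part of the bug report or of any openSUSE package: it sets the group and modes from the report and also records the group in auditd.conf, whose log_group keyword specifies the group applied to the log file's permissions. The function names are hypothetical, GNU stat and sed are assumed, and the "audit" group is assumed to exist already.

```sh
#!/bin/sh
# Added example (GNU stat/sed assumed); function names are hypothetical.
# Assumes the group already exists, e.g. created with: groupadd -r audit

# gid_of GROUP: numeric gid for a group name; a numeric gid passes through.
gid_of() {
    case $1 in
        *[!0-9]*) getent group "$1" | cut -d: -f3 ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# set_log_group CONF GROUP: set or append "log_group = GROUP" in an auditd.conf.
set_log_group() {
    conf=$1 group=$2
    if grep -Eq '^[[:space:]]*log_group[[:space:]]*=' "$conf"; then
        sed -i -E "s|^[[:space:]]*log_group[[:space:]]*=.*|log_group = $group|" "$conf"
    else
        printf 'log_group = %s\n' "$group" >> "$conf"
    fi
}

# apply_audit_perms DIR GROUP: group GROUP, 0750 on DIR, 0640 on audit.log*.
apply_audit_perms() {
    dir=$1 group=$2
    chgrp "$group" "$dir" || return 1
    chmod 0750 "$dir" || return 1
    for f in "$dir"/audit.log*; do
        [ -f "$f" ] || continue
        chgrp "$group" "$f" && chmod 0640 "$f" || return 1
    done
}

# check_audit_perms DIR GROUP: succeed only if DIR and its logs match the proposal.
check_audit_perms() {
    dir=$1 gid=$(gid_of "$2")
    [ -n "$gid" ] && [ "$(stat -c '%a %g' "$dir")" = "750 $gid" ] || return 1
    for f in "$dir"/audit.log*; do
        [ -f "$f" ] || continue
        [ "$(stat -c '%a %g' "$f")" = "640 $gid" ] || return 1
    done
}

# As root: sh this-script /etc/audit/auditd.conf /var/log/audit audit
if [ "$#" -eq 3 ]; then
    set_log_group "$1" "$3" && apply_audit_perms "$2" "$3" && check_audit_perms "$2" "$3"
fi
```

Users are then added with `usermod -aG audit USER` and pick up the membership at their next login; every member can read all audit records, not only AppArmor denials.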