Bug ID 1178154
Summary Make reading audit.log as non-root easier
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Enhancement
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter suse-beta@cboltz.de
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Currently, /var/log/audit/audit.log is readable only by root:

drwx------ 1 root root     322 25. Okt 21:06 /var/log/audit/
-rw------- 1 root root 1815972 26. Okt 22:23 /var/log/audit/audit.log

However, there are use cases where users would benefit from being able to read
the audit.log, for example desktop notifications for AppArmor denials (with
aa-notify -p, which currently needs sudo).

Would it be possible to introduce a group "audit" and change the permissions to

drwxr-x--- 1 root audit     322 25. Okt 21:06 /var/log/audit/
-rw-r----- 1 root audit 1815972 26. Okt 22:23 /var/log/audit/audit.log
    ^^^           ^^^^^

With that, users who want to use aa-notify -p could be added to the "audit"
group instead of needing sudo permissions.

