changing group on /var/log/messages
suse makes the group owner of /var/log/messages root. I was wondering what might break if I changed the group owner to be wheel. I would like members of wheel to be able to read /var/log/messages without having to sudo . -- David Bear phone: 480-965-8257 fax: 480-965-9189 College of Public Programs/ASU Wilson Hall 232 Tempe, AZ 85287-0803 "Beware the IP portfolio, everyone will be suspect of trespassing"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! David Bear schrieb:
suse makes the group owner of /var/log/messages root. I was wondering what might break if I changed the group owner to be wheel. I would like members of wheel to be able to read /var/log/messages without having to sudo . In this case you have to change some stuff, because:
- - logrotate rotates logs and switches rights back to what syslog is configured to ... - - rights settings in SuSE with Yast will reset everything as well - - SuSEconfig will do the same You may have to change: /etc/permissions /etc/logrotate.conf /etc/logrotate/logrotate.d/* ... some additional stuff and maybe rights settings as well (640 instead of 600 for some files depending on your desires) ... Use logcheck or whatever scripts you desire instead for getting your reports via mail to local host for further investigations. Other option is to run xterm with messages-output via syslog as autostarter within whatever window-system you desire (as you have all in group wheel you might have x installed). Regards Philippe P.S.: Hint: /var/log/messages has filerights 644, so you needn't sudo to read them unless you did a paranoid or whatever security policy with you SuSE box. P.P.S.: All users are group wheel ... is this necessary? - -- Diese Nachricht ist digital signiert und enthält weder Siegel noch Unterschrift! Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: GnuPT 2.7.2 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQD1AwUBRASv8kNg1DRVIGjBAQLn3gb/T2OKRaqaQT7hHL85w4KiNkxADspT/1Cl 6hzjD85diGWoXwCuTvkOQNw1SiZgdsBjc5uTstmZXhK5B3Z/mMLVkqC8MZdISvim /LVgX7IjM8wm6Chhqxx3n3b/c2MM+7V9sXfLdQ3LEKYL3ueqPTtfG7ZqNROoIDkQ sz+qI71I5A3qERPCon5u9NMsYXkJGGnVF6u374s8GXF59SklIOenarS7TgyioAjs Lyts9Qi6T4nnsKwepM2ZH+y6XtOijPWSQEc7xV5MWOKb6nFeIpW2vLv+WsoEMECX uEixgi4KAyo= =LUjD -----END PGP SIGNATURE-----
On Tue, Feb 28, 2006 at 09:17:54PM +0100, Philippe Vogel wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi!
David Bear schrieb:
suse makes the group owner of /var/log/messages root. I was wondering what might break if I changed the group owner to be wheel. I would like members of wheel to be able to read /var/log/messages without having to sudo . In this case you have to change some stuff, because:
- - logrotate rotates logs and switches rights back to what syslog is configured to ... - - rights settings in SuSE with Yast will reset everything as well - - SuSEconfig will do the same
You may have to change:
/etc/permissions /etc/logrotate.conf /etc/logrotate/logrotate.d/*
... some additional stuff and maybe rights settings as well (640 instead of 600 for some files depending on your desires) ...
this is exactly what I was looking for. Thanks.
Use logcheck or whatever scripts you desire instead for getting your reports via mail to local host for further investigations. Other option is to run xterm with messages-output via syslog as autostarter within whatever window-system you desire (as you have all in group wheel you might have x installed).
Regards
Philippe
P.S.: Hint: /var/log/messages has filerights 644, so you needn't sudo to read them unless you did a paranoid or whatever security policy with you SuSE box.
P.P.S.: All users are group wheel ... is this necessary?
- -- Diese Nachricht ist digital signiert und enthält weder Siegel noch Unterschrift!
Die unaufgeforderte Zusendung einer Werbemail an Privatleute verstößt gegen §1 UWG und 823 I BGB (Beschluß des LG Berlin vom 2.8.1998 Az: 16 O 201/98). Jede kommerzielle Nutzung der übermittelten persönlichen Daten sowie deren Weitergabe an Dritte ist ausdrücklich untersagt! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: GnuPT 2.7.2 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQD1AwUBRASv8kNg1DRVIGjBAQLn3gb/T2OKRaqaQT7hHL85w4KiNkxADspT/1Cl 6hzjD85diGWoXwCuTvkOQNw1SiZgdsBjc5uTstmZXhK5B3Z/mMLVkqC8MZdISvim /LVgX7IjM8wm6Chhqxx3n3b/c2MM+7V9sXfLdQ3LEKYL3ueqPTtfG7ZqNROoIDkQ sz+qI71I5A3qERPCon5u9NMsYXkJGGnVF6u374s8GXF59SklIOenarS7TgyioAjs Lyts9Qi6T4nnsKwepM2ZH+y6XtOijPWSQEc7xV5MWOKb6nFeIpW2vLv+WsoEMECX uEixgi4KAyo= =LUjD -----END PGP SIGNATURE-----
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- David Bear phone: 480-965-8257 fax: 480-965-9189 College of Public Programs/ASU Wilson Hall 232 Tempe, AZ 85287-0803 "Beware the IP portfolio, everyone will be suspect of trespassing"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2006-02-28 at 21:17 +0100, Philippe Vogel wrote:
In this case you have to change some stuff, because:
- logrotate rotates logs and switches rights back to what syslog is configured to ... - rights settings in SuSE with Yast will reset everything as well - SuSEconfig will do the same
You may have to change:
/etc/permissions /etc/logrotate.conf /etc/logrotate/logrotate.d/*
I have changed (for several years now) the permissions several logs to allow the root group to have read access, and to do that you only need to change logrotate, it's enough (in /etc/logrotate.d/syslog): create 640 root root the OP would need: create 640 root wheel - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFEBOjjtTMYHG2NR9URAhimAJ99YZ0zVmKNL/AWgbtB8KVvBcU/dACbBkJ8 fmKCOZKSCfJC1fIxCt+Ucu8= =IN3A -----END PGP SIGNATURE-----
On Tue, 28 Feb 2006, Philippe Vogel wrote:
... You may have to change:
/etc/permissions ...
One small point: you should never change /etc/permissions because your change will be lost at a random point in the future. Change /etc/permissions.local instead. Bob
participants (4)
-
Bob Vickers -
Carlos E. R. -
David Bear -
Philippe Vogel