FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux General Discussion

 
 
LinkBack Thread Tools
 
Old 06-21-2012, 07:53 PM
Arno Gaboury
 
Default pipe log msg on conky window

Dear all,

as I was configuring a conky window on my desktop, I decided to add some
precisions and tips for configuring the *.conkyrc* file in the Arch WIKI.


Reading any /var/log file needs to be root, thus making difficult to run
any home config file with read access to log files. My turnaround is to

*$chown root:log /var/log* then *$usermod -aG log username*.
Security wise, I do not know if this can bring serious potential breach
in the system. If yes, please tell me as I will NOT let this turnaround
in the WIKI.

What would be a safer solution to read the log files in my conky window?

Regards.

**
 
Old 06-21-2012, 08:00 PM
Arno Gaboury
 
Default pipe log msg on conky window

On 06/21/2012 09:53 PM, Arno Gaboury wrote:

Dear all,

as I was configuring a conky window on my desktop, I decided to add
some precisions and tips for configuring the *.conkyrc* file in the
Arch WIKI.


Reading any /var/log file needs to be root, thus making difficult to
run any home config file with read access to log files. My turnaround
is to

*$chown root:log /var/log* then *$usermod -aG log username*.
Security wise, I do not know if this can bring serious potential
breach in the system. If yes, please tell me as I will NOT let this
turnaround in the WIKI.

What would be a safer solution to read the log files in my conky window?

Regards.




Sorry, this mail was itended to [arch-general].
 
Old 06-22-2012, 08:55 AM
mike cloaked
 
Default pipe log msg on conky window

On Thu, Jun 21, 2012 at 8:53 PM, Arno Gaboury <arnaud.gaboury@gmail.com> wrote:
> Dear all,
>
> as I was configuring a conky window on my desktop, I decided to add some
> precisions and tips for configuring the *.conkyrc* file in the Arch WIKI.
>
> Reading any /var/log file needs to be root, thus making difficult to run any
> home config file with read access to log files. My turnaround is to
> *$chown root:log /var/log* then *$usermod -aG log username*.
> Security wise, I do not know if this can bring serious potential breach in
> the system. If yes, please tell me as I will NOT let this turnaround in the
> WIKI.
> What would be a safer solution to read the log files in my conky window?

How about using sudo without password required? It is possible to
configure it to allow specific commands - maybe the user can have sudo
access to read the relevant log files?
--
mike c
 
Old 06-22-2012, 09:38 AM
Kazó Csaba
 
Default pipe log msg on conky window

2012/6/21 Arno Gaboury <arnaud.gaboury@gmail.com>:
> Dear all,
>
> as I was configuring a conky window on my desktop, I decided to add some
> precisions and tips for configuring the *.conkyrc* file in the Arch WIKI.
>
> Reading any /var/log file needs to be root, thus making difficult to run any
> home config file with read access to log files. My turnaround is to
> *$chown root:log /var/log* then *$usermod -aG log username*.
> Security wise, I do not know if this can bring serious potential breach in
> the system. If yes, please tell me as I will NOT let this turnaround in the
> WIKI.
> What would be a safer solution to read the log files in my conky window?
>
> Regards.
>
> **
>

Hello,

The default syslog-ng configuration is set up so that users in the
group 'log' can read the files:

# /etc/syslog-ng/syslog-ng.conf
options {
...
perm(0640);
group("log");
};

If you're using something else, then you could try to configure it to
do the same.

I think that security-wise using a group for this is the perfect
approach because you can control who exactly can access the logs.


Csaba
 

Thread Tools




All times are GMT. The time now is 07:05 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org