FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 06-09-2011, 03:39 PM
Hiisi
 
Default OT: allow ordinary user to read /var/log/audit/audit.log

Hi, list!
Sorry for off-topic. I want to give certain users to execute some
commands to configure web-server. Here's what I have in /etc/sudoers
for user 'hospes':
Cmnd_Alias HOSPES = /sbin/service, /sbin/chkconfig,
/usr/sbin/setsebool, /sbin/restorecon, /usr/sbin/semanage,
/usr/sbin/setenforce
%hospes ALL=(root) sudoedit /etc/httpd/*
%hospes ALL=(root) sudoedit /etc/hosts
Next I would like to allow hospes to read /var/log/audit/audit.log. I
don't want to allow him to edit this file but only to read (e.g. cat
or grep). I don't want to change audit.log attributes. Any
suggestions, please?
TIA
--
Hiisi.
Registered Linux User #487982. Be counted at: http://counter.li.org/
--
Spandex is a privilege, not a right.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-09-2011, 03:39 PM
Hiisi
 
Default OT: allow ordinary user to read /var/log/audit/audit.log

Hi, list!
Sorry for off-topic. I want to give certain users to execute some
commands to configure web-server. Here's what I have in /etc/sudoers
for user 'hospes':
Cmnd_Alias HOSPES = /sbin/service, /sbin/chkconfig,
/usr/sbin/setsebool, /sbin/restorecon, /usr/sbin/semanage,
/usr/sbin/setenforce
%hospes ALL=(root) sudoedit /etc/httpd/*
%hospes ALL=(root) sudoedit /etc/hosts
Next I would like to allow hospes to read /var/log/audit/audit.log. I
don't want to allow him to edit this file but only to read (e.g. cat
or grep). I don't want to change audit.log attributes. Any
suggestions, please?
TIA
--
Hiisi.
Registered Linux User #487982. Be counted at: http://counter.li.org/
--
Spandex is a privilege, not a right.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-09-2011, 03:45 PM
James McKenzie
 
Default OT: allow ordinary user to read /var/log/audit/audit.log

On 6/9/11, Hiisi <hiisi@fedoraproject.org> wrote:
> Hi, list!
> Sorry for off-topic. I want to give certain users to execute some
> commands to configure web-server. Here's what I have in /etc/sudoers
> for user 'hospes':
> Cmnd_Alias HOSPES = /sbin/service, /sbin/chkconfig,
> /usr/sbin/setsebool, /sbin/restorecon, /usr/sbin/semanage,
> /usr/sbin/setenforce
> %hospes ALL=(root) sudoedit /etc/httpd/*
> %hospes ALL=(root) sudoedit /etc/hosts
> Next I would like to allow hospes to read /var/log/audit/audit.log. I
> don't want to allow him to edit this file but only to read (e.g. cat
> or grep). I don't want to change audit.log attributes. Any
> suggestions, please?
What group owns the log file. It may be as simple as adding the group
to the sudoers file with the /var/log directory.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-09-2011, 03:45 PM
James McKenzie
 
Default OT: allow ordinary user to read /var/log/audit/audit.log

On 6/9/11, Hiisi <hiisi@fedoraproject.org> wrote:
> Hi, list!
> Sorry for off-topic. I want to give certain users to execute some
> commands to configure web-server. Here's what I have in /etc/sudoers
> for user 'hospes':
> Cmnd_Alias HOSPES = /sbin/service, /sbin/chkconfig,
> /usr/sbin/setsebool, /sbin/restorecon, /usr/sbin/semanage,
> /usr/sbin/setenforce
> %hospes ALL=(root) sudoedit /etc/httpd/*
> %hospes ALL=(root) sudoedit /etc/hosts
> Next I would like to allow hospes to read /var/log/audit/audit.log. I
> don't want to allow him to edit this file but only to read (e.g. cat
> or grep). I don't want to change audit.log attributes. Any
> suggestions, please?
What group owns the log file. It may be as simple as adding the group
to the sudoers file with the /var/log directory.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-09-2011, 05:58 PM
Hiisi
 
Default OT: allow ordinary user to read /var/log/audit/audit.log

On 9 June 2011 19:45, James McKenzie <jjmckenzie51@gmail.com> wrote:
> On 6/9/11, Hiisi <hiisi@fedoraproject.org> wrote:
<--SNIP-->
> What group owns the log file. *It may be as simple as adding the group
> to the sudoers file with the /var/log directory.

Thanks, James, but it's owned by root:root. I don't want to add him to
the root group. Neither want I to change it to root:hospes.
Any other suggestions?
--
Hiisi
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-12-2011, 12:14 AM
James McKenzie
 
Default OT: allow ordinary user to read /var/log/audit/audit.log

On 6/9/11 10:58 AM, Hiisi wrote:
> On 9 June 2011 19:45, James McKenzie<jjmckenzie51@gmail.com> wrote:
>> On 6/9/11, Hiisi<hiisi@fedoraproject.org> wrote:
> <--SNIP-->
>> What group owns the log file. It may be as simple as adding the group
>> to the sudoers file with the /var/log directory.
> Thanks, James, but it's owned by root:root. I don't want to add him to
> the root group. Neither want I to change it to root:hospes.
> Any other suggestions?
You could always make the file world-read. That means EVERYONE can read
the file. You just don't have to tell them....

James

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-12-2011, 06:37 AM
Hiisi
 
Default OT: allow ordinary user to read /var/log/audit/audit.log

On 12 June 2011 04:14, James McKenzie <jjmckenzie51@gmail.com> wrote:
> On 6/9/11 10:58 AM, Hiisi wrote:
<--SNIP-->
>> Any other suggestions?
> You could always make the file world-read. *That means EVERYONE can read
> the file. *You just don't have to tell them....
>

Surely I can. I just thought there should be the other way. Say, thru
sudo. Well, it seems that changing file attributes is the only way
here.
Thank you for your advices, Mr McKenzie.
--
Hiisi
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-12-2011, 01:30 PM
Andre Speelmans
 
Default OT: allow ordinary user to read /var/log/audit/audit.log

> Surely I can. I just thought there should be the other way. Say, thru
> sudo. Well, it seems that changing file attributes is the only way
> here.

Add this to the Cmnd_alias:
less /var/log/audit/audit.log


--
Kind regards,

André
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-12-2011, 01:57 PM
Benedict S
 
Default OT: allow ordinary user to read /var/log/audit/audit.log

I think you can use acl to add this user to *the attribute of the file of audit.log

2011/6/12 Andre Speelmans <fedora-list@cosiso.nl>

> Surely I can. I just thought there should be the other way. Say, thru

> sudo. Well, it seems that changing file attributes is the only way

> here.



Add this to the Cmnd_alias:

less */var/log/audit/audit.log





--

Kind regards,



André

--

users mailing list

users@lists.fedoraproject.org

To unsubscribe or change subscription options:

https://admin.fedoraproject.org/mailman/listinfo/users

Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-12-2011, 02:13 PM
James McKenzie
 
Default OT: allow ordinary user to read /var/log/audit/audit.log

On 6/11/11 11:37 PM, Hiisi wrote:
> On 12 June 2011 04:14, James McKenzie<jjmckenzie51@gmail.com> wrote:
>> On 6/9/11 10:58 AM, Hiisi wrote:
> <--SNIP-->
>>> Any other suggestions?
>> You could always make the file world-read. That means EVERYONE can read
>> the file. You just don't have to tell them....
>>
> Surely I can. I just thought there should be the other way. Say, thru
> sudo. Well, it seems that changing file attributes is the only way
> here.
You might be able to do this using sudo but the command would have to be
very specific. I did not think of editing the sudoers file for this.

James McKenzie

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 08:06 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org