Adam,
Hi all,
I've got a bit of a problem across a number of machines which I'm having some trouble working out.
Basically, the problem is my hobbit user can't display my log files:

    hobbit@host:/var/log$ cat messages
    cat: messages: Permission denied

However, the user has these permissions/groups

    hobbit@host:/var/log$ id
    uid=110(hobbit) gid=110(hobbit) groups=0(root),4(adm),110(hobbit)

The directories leading to the file have these permissions:

    hobbit@host:/var/log$ ls -ld /
    drwxr-xr-x 24 root root 4096 Nov 19 2009 /
    hobbit@host:/var/log$ ls -ld /var
    drwxr-xr-x 15 root root 4096 Nov 19 2009 /var
    hobbit@host:/var/log$ ls -ld /var/log
    drwxr-xr-x 14 root root 4096 Mar 29 08:46 /var/log

The file has read permissions to the adm group of which we are a member (above)

    hobbit@host:/var/log$ ls -ld /var/log/messages
    -rw-r----- 1 root adm 21353 Mar 29 13:27 /var/log/messages
A shortcut for just checking modes is namei
namei -m /var/log/messages
    f: /var/log/messages
     drwxr-xr-x /
     drwxr-xr-x var
     drwxr-xr-x log
     -rwxr-x--- messages

Finally, here is all the info I can see on the file:

    hobbit@host:/var/log$ stat /var/log/messages
      File: `/var/log/messages'
      Size: 21353 Blocks: 48 IO Block: 1048576 regular file
    Device: eh/14d Inode: 4202796 Links: 1
    Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 4/ adm)
    Access: 2011-03-28 20:21:00.000000000 +1100
    Modify: 2011-03-29 13:27:00.000000000 +1100
    Change: 2011-03-29 13:27:00.000000000 +1100
I'm running a fairly standard Debian lenny
The root user has no problem reading/writing the file/etc....
Any pointers would be appreciated....
My solution to this one is to modify /etc/logrotate.d/syslog and change group permissions on the file in question. A better solution might be to use ACLs, but I tried that once and ran into an issue where '-r' test didn't respect ACLs when checking it could read the log file! That may have been back in the days of BB even... Group permissions haven't caused any issues anyway :)
If your distro uses something other than logrotate to manage file rotation you'll need to work out an appropriate recipe...
cat /etc/logrotate.d/syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler
/var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
        # re-apply group access for the hobbit user after each rotation
        chmod 750 /var/log/messages
        chgrp hobbit /var/log/messages
    endscript
}
David.
-- David Baldwin - IT Unit Australian Sports Commission www.ausport.gov.au Tel 02 62147830 Fax 02 62141830 PO Box 176 Belconnen ACT 2616 david.baldwin at ausport.gov.au Leverrier Street Bruce ACT 2617
Keep up to date with what's happening in Australian sport visit http://www.ausport.gov.au
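
The check that `id`, `ls -ld` and `namei -m` perform by eye in the thread above, written out as an added example (not code from either poster): it applies the owner, then group, then other rule to each path component using the credentials of the running process. The function names are hypothetical; ACLs and other access layers are deliberately not consulted.

```python
import os
import stat
import sys

def class_bits(mode, st_uid, st_gid, uid, gids):
    """Return the rwx triplet (0-7) that applies to this caller.
    Exactly one class is chosen: owner, else group, else other.
    A matching owner class is never widened by the group bits."""
    if uid == st_uid:
        return (mode >> 6) & 7
    if st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def mode_allows(mode, st_uid, st_gid, uid, gids, want):
    """want is a bitmask: 4=read, 2=write, 1=execute/search.
    uid 0 gets no special treatment here, only the mode bits are judged."""
    return (class_bits(mode, st_uid, st_gid, uid, gids) & want) == want

def explain_path(path, uid, gids):
    """Walk an absolute path like `namei -m`: every directory on the way
    needs search (x), the final component needs read (r).
    Returns a list of (component_path, mode_string, allowed_by_mode_bits)."""
    parts = [p for p in os.path.abspath(path).split(os.sep) if p]
    rows, current = [], os.sep
    for i, comp in enumerate([os.sep] + parts):
        current = os.path.join(current, comp)
        st = os.stat(current)
        want = 4 if i == len(parts) else 1
        ok = mode_allows(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                         uid, gids, want)
        rows.append((current, stat.filemode(st.st_mode), ok))
    return rows

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/log/messages"
    # Credentials of this process, which is what the kernel evaluates;
    # they can differ from what /etc/group currently lists for the user.
    uid = os.geteuid()
    gids = set(os.getgroups()) | {os.getegid()}
    try:
        for comp, mode, ok in explain_path(target, uid, gids):
            print(f"{mode} {'ok    ' if ok else 'DENIED'} {comp}")
    except OSError as exc:
        print(f"cannot stat: {exc}", file=sys.stderr)
```

If every row reports ok and `cat` still fails, the denial is not coming from the mode bits of the path as seen by this process.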