On 29/03/2011 3:09 PM, David Baldwin wrote:
Finally, here is all the info I can see on the file: hobbit at host:/var/log$ stat /var/log/messages File: `/var/log/messages' Size: 21353 Blocks: 48 IO Block: 1048576 regular file Device: eh/14d Inode: 4202796 Links: 1 Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 4/ adm) Access: 2011-03-28 20:21:00.000000000 +1100 Modify: 2011-03-29 13:27:00.000000000 +1100 Change: 2011-03-29 13:27:00.000000000 +1100
I'm running a fairly standard Debian lenny
The root user has no problem reading/writing the file/etc....
Any pointers would be appreciated.... My solution to this one is to modify /etc/logrotate.d/syslog and change group permissions on the file in question. A better solution might be to use ACLs, but I tried that once and ran into an issue where '-r' test didn't respect ACLs when checking it could read the log file! That may have been back in the days of BB even... Group permissions haven't caused any issues anyway :) Thanks for your suggestion, but I have other processes that rely on the adm group having access to the log files, and I don't want to make them world readable.
The very short problem is:
- I am a user with a supplemental group (adm)
- I have a file with my supplemental group (adm) which is group readable
- I can't read the file
I understand permissions, groups, etc very well, I understand logrotate and it's config files, but I am stumped as to why this isn't working....
Thanks, Adam