You are not logged in.
Ok, I feel a bit silly for asking this . Why can't I read /var/log/auth.log (and other logs) files as a user? I'm a member of adm and log groups, and have logged out/in again. I can only read logs while sudoing. What haven't I done?
If I 'chmod +r' it, it will get reset on the next reboot. It seems to reset it after running rc.local, as putting the chmod in there doesn't work.
Thanks!
Offline
do ls -l on /var/log and see which logs are available to the group log (not all are). also see what permissions are set for said logs.
in my case:
> ll /var/log/auth.log
-rw-r----- 1 root log 22K 2009-07-15 16:59 /var/log/auth.log
so, /var/log/auth.log is root:log and permissions are 640 (readable by group, log). i didn't do anything special to achieve this so i don't know why yours is different
//github/
Offline
$ ls -l /var/log
total 4420
drwxr-xr-x 2 root root 4096 2009-07-11 13:57 ConsoleKit
-rw-r--r-- 1 root users 37142 2009-07-15 20:44 Xorg.0.log
-rw-r--r-- 1 root users 37822 2009-07-15 07:38 Xorg.0.log.old
-rw-r----- 1 root root 66392 2009-07-15 21:41 auth.log
-rw-r--r-- 1 root root 64308 2009-07-12 16:01 bootchart.tgz
-rw------- 1 root root 0 2009-07-11 13:11 btmp
-rw-r--r-- 1 root root 3698 2009-07-15 22:01 crond
-rw-r----- 1 root root 376571 2009-07-15 20:44 daemon.log
-rw-r--r-- 1 root root 22467 2009-07-15 20:44 dmesg.log
-rw-r----- 1 root root 10797 2009-07-15 21:14 errors.log
-rw-r----- 1 root root 1491246 2009-07-15 22:01 everything.log
-rw------- 1 root root 32032 2009-07-11 19:48 faillog
-rw-r----- 1 root root 1104476 2009-07-15 21:23 kernel.log
-rw-r--r-- 1 root root 292292 2009-07-11 19:48 lastlog
-rw-r----- 1 root root 795608 2009-07-15 22:01 messages.log
drwxr-xr-x 2 root root 4096 2009-06-07 20:37 old
-rw-r--r-- 1 root root 41941 2009-07-14 21:29 pacman.log
drwxr-xr-x 2 root root 4096 2009-06-24 14:19 samba
-rw-r--r-- 1 root root 44404 2009-07-15 20:44 soundon.log
-rw-r----- 1 root root 4940 2009-07-15 20:44 syslog.log
-rw-r----- 1 root root 4900 2009-07-15 20:44 user.log
-rw-r--r-- 1 root root 304896 2009-07-15 20:44 wtmp
So mine aren't owned by the log group. I will try changing the group. But I suspect it may get reset when rebooting. I'll give it a go. Cheers!
Offline
It seems to work fine after reboot! thanks!
One last question, are all your log files owned by group log? Thanks again
Edit: Actually this doesn't matter too much as auth.log is all I care about. I'll put 'chown root:log /var/log/auth.log' into local.rc so when the log files are rotated the new auth.log will be owned by log. Actually do files get rotated at boot, or any old time when they start getting big? I might have to cron it.
I wonder why were mine not owned by log in the first place, it's like this on both my boxes. O well, thanks for the help brisbin!
Last edited by sw (2009-07-15 21:47:23)
Offline
I'll put 'chown root:log /var/log/auth.log' into local.rc so when the log files are rotated the new auth.log will be owned by log.
Ick. Nasty hack.
Put this in /etc/logrotate.conf
create 640 root log
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
ah, I didn't know about that. That's much better. Thanks!
Last edited by sw (2009-07-16 06:26:51)
Offline