Guys I need your help, I can access my syslog with my normal user, permissions are messed up
I did
Code:
ls -l /var/log/syslog
and got the result
Code:
-rw-r--r-- 1 syslog adm 198407 Nov 24 13:30 /var/log/syslog
Now I know that that extra r at the end shouldn't be there, how can I fix my permissions so that only root can access my syslog? Because as of right now I can
Code:
cat /var/log/syslog
without root password and it's driving me nuts.
My system specs are as follows. Ubuntu MATE 16.04 with ESM updates until 2024. My kernel is
Make sure whatever is rotating your logs is setting it correctly as well or it will go back to whatever it is set as.
Hey it worked, I got permission denied. Now let's hope that I didn't break syslog and the OS won't have a place to put its syslog complaints. I am crossing my flippers.
how can I fix my permissions so that only root can access my syslog? Because as of right now I can without root password and it's driving me nuts.
Why? There is no explicit security information in syslog. If it falls into the wrong hands, the worst that can happen is that it will provide some information about the system configuration which may be helpful when probing for weaknesses and vulnerabilities but, as it is usually done by automated metasploit scanning, not by careful perusing of the logs and picking individual opportunities, your logs are useless for hackers. Don't bother. BTW the default access settings for syslog are not just root, but root and all users in the group adm.
I wasn't aware, thank you for telling me this information, it is really helpful.
Code:
cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# use the syslog group by default, since this is the owning group
# of /var/log/syslog.
su root syslog
# keep 4 weeks worth of backlogs
rotate 4
# restrict maximum size of log files
size 250M
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}
# system-specific logs may be configured here
Do you see anything in there that would affect my syslog from changing permission to user again after the next rotation?
Last edited by tuxthegreat; 11-25-2023 at 06:35 AM.
The umask of whoever is running logrotate might set it back to 644 after rotation. You could chmod in the post rotate section of the syslog stanza if that happens. That's kind of hacky, and you might want to study/learn logrotate from its manpage if you want to do more fancy things than the default for your system.
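Added example, not part of any post in this thread: a shell check of which mode logrotate's `create` directive will give a log after rotation. The `create` line in the posted logrotate.conf carries no mode, and logrotate documents that an omitted mode is copied from the file being rotated. The function names and the `/var/log/syslog` stanza in the sample config are assumptions made for illustration.

```shell
# Constructed config: the thread's global "create" and wtmp stanza, plus a
# hypothetical syslog stanza that pins the mode.
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
su root syslog
create
/var/log/wtmp {
    create 0664 root utmp
}
/var/log/syslog {
    create 0640 syslog adm
}
EOF

# yes/no: does an octal mode such as 0644 let "other" read the file?
world_readable() {
    case ${1#"${1%?}"} in            # last octal digit = bits for "other"
        4|5|6|7) echo yes ;;
        0|1|2|3) echo no ;;
        *)       echo unknown ;;
    esac
}

# Mode that "create" applies to log $2 in config $1. A stanza's own create
# beats the global one; "inherit" = create without a mode (old file's mode
# is reused). Glob patterns in stanza headers are not expanded here.
create_mode() {
    awk -v target="$2" '
        /^[ \t]*#/ { next }
        !inside && $1 ~ /^\// { for (i = 1; i <= NF; i++) if ($i == target) mine = 1 }
        index($0, "{") { inside = 1 }
        $1 == "create" {
            m = ($2 ~ /^[0-7]+$/) ? $2 : "inherit"
            if (!inside) global = m; else if (mine) own = m
        }
        index($0, "}") { inside = 0; mine = 0 }
        END { print (own != "" ? own : (global != "" ? global : "none")) }
    ' "$1"
}

# Mode of the fresh log after rotation when the current file has mode $3.
mode_after_rotation() {
    m=$(create_mode "$1" "$2")
    if [ "$m" = inherit ]; then echo "$3"; else echo "$m"; fi
}

for f in /var/log/wtmp /var/log/syslog /var/log/kern.log; do
    m=$(mode_after_rotation "$CONF" "$f" 0644)
    echo "$f -> $m (other can read: $(world_readable "$m"))"
done
```

The files pulled in by `include /etc/logrotate.d` need the same check, since a stanza there overrides the global `create`.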
Are you running Ubuntu? One of the default user groups is adm. If your user is in that group then you have read permissions as you showed. To remove that just remove yourself from the group. Much better choice than messing with permissions outside of your home folder.
Code:
-rw-r--r-- 1 syslog adm 198407 Nov 24 13:30 /var/log/syslog
Ok I looked up removing groups and here is what I got
Code:
~# groups tuxthegreat
tuxkthegreat : tuxthegreat sudo deluge
Is this the group I want to edit or is it a different group, why is deluge in that group, I will remove deluge from the group by doing
Now deluge is gone from the group, are there any other groups I should edit? Is there a groups -list command or something of that nature? This is very helpful as I am going to attempt to install LFS in the upcoming weeks.
Last edited by tuxthegreat; 11-25-2023 at 03:08 PM.
This is very helpful as I am going to attempt to install LFS in the upcoming weeks.
When you build LFS, you create a special LFS user first to do the job, and then construct a standard environment for them, precisely so that you don't carry over any weirdness from your distro's default environment.