How to share nginx logs without sudo to another user?


For example, like this:

chmod 755 /var/log/nginx && chmod 644 /var/log/nginx/*.log && chmod 644 /var/log/nginx/*.gz

This way anyone will be able to cwd and read the contents of the /var/log/nginx directory and read the *.log files.

You should also check the log rotating configuration so the permissions won't be changed again. For the last several versions of Nginx, up to and including 1.6.2, the file /etc/logrotate.d/nginx has used the line create 0640 www-data adm to set permissions when rotating logs. This should be changed to something like create 0644 www-data adm. It should be noted that this solution allows all users on the server to read all Nginx logs.

Update: logrotate configs also should be updated to include the su www-data adm to allow the logadm utility to work without complaining about incorrect directory permissions.

Author: Alexander Kim

Middle Frontend-engineer. Working with JS: Vue/Nativescript/Electron/Express || Koa.

Updated on September 18, 2022
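
To see what the logrotate change in the answer above does to read access before relying on it, here is an added example (not part of the original answer) that parses a logrotate stanza and reports who will be able to read newly created logs. The function names and both sample stanzas are constructed for illustration; only the create and su lines come from the answer.

```sh
#!/bin/sh
# Added example: what read access will logrotate's "create" line leave on new logs?
# Function names and both sample stanzas are constructed for illustration.

BEFORE='/var/log/nginx/*.log {
    daily
    rotate 14
    create 0640 www-data adm
}'
AFTER='/var/log/nginx/*.log {
    daily
    rotate 14
    su www-data adm
    create 0644 www-data adm
}'

# Print "MODE OWNER GROUP" from the first create directive read on stdin.
create_line() {
    awk '$1 == "create" && NF >= 4 { print $2, $3, $4; exit }'
}

# Map an octal mode (0640, 644, ...) to the widest class that can read the file.
read_scope() {
    bits=$(( 0$1 ))                     # leading 0 forces octal interpretation
    if [ $(( bits & 0004 )) -ne 0 ]; then echo world
    elif [ $(( bits & 0040 )) -ne 0 ]; then echo group
    else echo owner
    fi
}

# Summarise a logrotate stanza read on stdin.
audit() {
    cfg=$(cat)
    set -- $(printf '%s\n' "$cfg" | create_line)
    [ $# -eq 3 ] || { echo "no create directive"; return 1; }
    su_as=$(printf '%s\n' "$cfg" | awk '$1 == "su" && NF >= 3 { print $2 ":" $3; exit }')
    echo "mode=$1 owner=$2 group=$3 readable_by=$(read_scope "$1") su=${su_as:-none}"
}

printf '%s\n' "$BEFORE" | audit
printf '%s\n' "$AFTER" | audit
```

Run against the real file with `audit < /etc/logrotate.d/nginx`. A result of readable_by=group means only the owner and members of the listed group can read logs after the next rotation; readable_by=world means every local account can.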

Comments

  • Alexander Kim over 1 year

    I have 2 users on my server. One with sudo access, another without. How can I give access to nginx logs

    /var/log/nginx/error.log
    

    To another user without sudo permission to use cat /var/log/nginx/error.log ? Can I create something like a symlink to log in his /home/username directory?

    So my question is - how can a user without sudo permission check nginx logs?

    • dawud over 9 years
      sudo access to what? It is not clear from your question. I know some people make 'sudo access' to mean 'root access', but that is not technically accurate. Please elaborate.
    • gparent over 9 years
      yeah you could use sudo to give him the permissions actually, depending how you want to configure it.
    • Paul over 9 years
      @GregBowser IMHO, using ACLs without understanding ACLs is a recipe for problems.
  • Paul over 9 years
    Default Nginx configuration in /etc/logrotate.d/nginx is create 0640 www-data adm. That's in 1.6.2, but I don't think that line has changed in quite some time.
  • drookie over 9 years
    This answer is written so it would be universal and generic, rather than ubuntu-nginx-1.6.2-20141110-specific.
  • Admin over 6 years
    nginx config in logrotate.d was resetting it. Fixed it by changing it.
  • Poul K. Sørensen over 5 years
    Is there no other way to solve this, such that when a different user tries to start nginx, it uses a different log path? I tried adding it to my new nginx.conf file, but when running nginx -c newnginx.conf on this new user, it still tries to access the /var/log/nginx...