How to share nginx log's without sudo to another user?
For example, like this:
chmod 755 /var/log/nginx && chmod 644 /var/log/nginx/*.log && chmod 644 /var/log/nginx/*.gz
this way anyone will be able to cwd and read the contents of the /var/log/nginx directory and read the *.log files.
You should also check the log rotating configuration so the permissions won't be changed again. For the last several versions of Nginx, up to and including 1.6.2, the file /etc/logrotate.d/nginx
has used the line create 0640 www-data adm
to set permissions when rotating logs. This should be changed to something like create 0644 www-data adm
. It should be noted that this solution allows all users on the server to read all Nginx logs.
Update: logrotate configs also should be updated to include the su www-data adm
to allow the logadm utility to work without complaining about incorrect directory permissions.
Alexander Kim
Middle Frontend-engineer. Working with JS: Vue/Nativescript/Electron/Express || Koa.
Updated on September 18, 2022Comments
-
Alexander Kim over 1 year
I have 2 users on my server. One with sudo access another without. How can i give access to nginx logs
/var/log/nginx/error.log
To another user without
sudo
permission to usecat /var/log/nginx/error.log
? Can i create something like a symlink to log in his /home/username directory?So my question is - how can a user without
sudo
permission check nginx logs?-
dawud over 9 years
sudo
access to what? It is not clear from your question. I know some people make 'sudo access' to mean 'root access', but that is not technically accurate. Please ellaborate. -
gparent over 9 yearsyeah you could use
sudo
to give him the permissions actually, depending how you want to configure it. -
Paul over 9 years@GregBowser IMHO, using ACLs without understanding ACLs is a recipe for problem.
-
-
Paul over 9 yearsDefault Nginx configuration in
/etc/logrotate.d/nginx
iscreate 0640 www-data adm
. That's in 1.6.2, but I don't think that line has changed in quite some time. -
drookie over 9 yearsThis answer is writtent so it would be universal and generic, rather than ubuntu-nginx-1.6.2-20141110-specific.
-
Admin over 6 yearsnginx config in logrotate d was resetting it. Fixed it by changing it.
-
Poul K. Sørensen over 5 yearsIs there no other way to solve this, such when a different user tries to start nginx that it uses a different log path? I tried adding it to my new nginx.conf file but when running nginx -c newnginx.conf on this new user, it still tries to access the /var/log/nginx...