B.4 Grant Permission

The steps below describe how to give a particular user (for example, tklcuser) permission to read the /var/log/secure file.

Commands and sample outputs are shown for reference.

  1. Check whether the user “tklcuser” has permission to read the secure file. To do so, log in as or switch to the user (tklcuser) that receives the seas subsystem request.
  2. Run the command below to check whether tklcuser can see the output.

    cat /var/log/secure | grep Accepted | tail -1

  3. If tklcuser can see output like the sample below, skip the remaining steps. If not, proceed to the next step.

    Feb 18 04:24:43 iptool11804 sshd[19010]: Accepted password for tklcuser from 10.75.136.166 port 64127 ssh2

  4. If a “Permission denied” error is encountered, give read permission to tklcuser using the steps below. To do so, switch to the root user.

    su - root

  5. Change directory to /var/log/ folder.

    cd /var/log

  6. Check the permission of the “secure” file. Sample output is shown below. It shows that only the root user has read and write permissions.

    ls -ltr secure

    -rw------- 1 root  root  45098417 Feb 18 05:07 secure

  7. Run the command below to check whether the machine supports the setfacl command. If it shows output like the sample below, continue with the next steps. Otherwise, first install the acl package on your machine.

    which setfacl

    /usr/bin/setfacl

  8. Run the getfacl command to check the permission of the secure file. Output is shown below.

    getfacl secure

    # file: secure
    # owner: root
    # group: root
    user::rw-
    group::---
    mask::---
    other::---

  9. Run the setfacl (set File ACL) command to give tklcuser read permission on the secure file.

    setfacl -m u:tklcuser:r secure

  10. Check the permission of the secure file again. A “+” symbol appears after the permission bits. Also use the getfacl command to verify the tklcuser permission.

    ls -ltr secure

    -rw-r-----+ 1 root root 45335113 Feb 18 07:23 secure

    getfacl secure

    # file: secure
    # owner: root
    # group: root
    user::rw-
    user:tklcuser:r--
    group::---
    mask::r--
    other::---

  11. Now tklcuser has read permission for /var/log/secure. Cross-verify this by performing steps 1 and 2 again.
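
The check in steps 8 and 10 can be scripted. The shell function below is an added example, not part of the original procedure: it reads getfacl output and reports whether a user has effective read access, taking the mask entry into account. The function name acl_user_can_read and the SAMPLE_ variables are assumptions made for this example, and the sample text is constructed to mirror the outputs shown above.

```shell
# Constructed samples that mirror the getfacl output in steps 8 and 10.
SAMPLE_BEFORE='# file: secure
# owner: root
# group: root
user::rw-
group::---
mask::---
other::---'

SAMPLE_AFTER='# file: secure
# owner: root
# group: root
user::rw-
user:tklcuser:r--
group::---
mask::r--
other::---'

# acl_user_can_read USER   (hypothetical helper; getfacl text on stdin)
# Exit status 0 if USER has effective read access, 1 otherwise.
# Simplification: group entries are not evaluated, because that needs the
# user's group membership; owner, named-user, mask and other are checked.
acl_user_can_read() {
    awk -F: -v user="$1" '
        /^# owner: /               { owner = substr($0, 10) }
        $1 == "user" && $2 == ""   { owner_perm = $3 }
        $1 == "user" && $2 == user { named = $3; have_named = 1 }
        $1 == "mask"               { mask = $3; have_mask = 1 }
        $1 == "other"              { other = $3 }
        END {
            if (user == owner) {
                ok = (owner_perm ~ /^r/)      # owner entry is never masked
            } else if (have_named) {
                # a named-user entry only counts if the mask also allows it
                ok = (named ~ /^r/) && (!have_mask || mask ~ /^r/)
            } else {
                ok = (other ~ /^r/)
            }
            exit(ok ? 0 : 1)
        }'
}

for sample in "$SAMPLE_BEFORE" "$SAMPLE_AFTER"; do
    if printf '%s\n' "$sample" | acl_user_can_read tklcuser; then
        echo "tklcuser: read allowed"
    else
        echo "tklcuser: read denied"
    fi
done
```

On the host itself, run getfacl secure | acl_user_can_read tklcuser from /var/log as root after step 9 and check the exit status.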