Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
/var/log/emerge.log permissions
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  
Author Message
eeckwrk99
Apprentice
Apprentice


Joined: 14 Mar 2021
Posts: 232
Location: Gentoo forums

PostPosted: Sun Dec 31, 2023 11:14 pm    Post subject: /var/log/emerge.log permissions Reply with quote

/var/log/emerge.log is owned by portage user from portage group and has 660 permissions:
Code:
$ ls -lh /var/log/emerge.log
-rw-rw---- 1 portage portage 22M Dec 31 08:03 /var/log/emerge.log


As a result, any emerge.log parser tool such as emlop, qlop or genlop won't work with a regular user (provided it isn't part of the portage group, which I recently learned is discouraged):

Code:
$ emlop l -e sys-apps/portage
[ERROR emlop] Cannot open "/var/log/emerge.log": Permission denied (os error 13)

$ sudo emlop l -e sys-apps/portage
[..]
2023-12-15 18:49:18     16 sys-apps/portage-3.0.57
2023-12-30 18:00:49     22 sys-apps/portage-3.0.59

$ qlop sys-apps/portage
qlop: Could not open logfile '/var/log/emerge.log': Permission denied

$ sudo qlop sys-apps/portage
[..]
2023-12-15T18:49:02 >>> sys-apps/portage: 16s
2023-12-30T18:00:27 >>> sys-apps/portage: 22s

$ genlop sys-apps/portage
genlop: cannot open /var/log/emerge.log for reading
maybe you are not a member of the portage group ?

$ sudo genlop sys-apps/portage
    [..]
    Fri Dec 15 18:49:18 2023 >>> sys-apps/portage-3.0.57
    Sat Dec 30 18:00:49 2023 >>> sys-apps/portage-3.0.59


I was wondering what is the rationale behind the 660 permissions. For instance, on Arch Linux, /var/log/pacman.log has 644 permissions, so any Pacman related tool such as paclog works with any user:
Code:
$ ls -lh /var/log/pacman.log
-rw-r--r-- 1 root root 15M Dec 31 23:00 /var/log/pacman.log

$ paclog --package=pacman
[2023-05-21T18:26:44+0200] [ALPM] upgraded pacman (6.0.2-6 -> 6.0.2-7)
[2023-09-21T09:00:38+0200] [ALPM] upgraded pacman (6.0.2-7 -> 6.0.2-8)


Last edited by eeckwrk99 on Mon Jan 01, 2024 12:03 am; edited 1 time in total
Back to top
View user's profile Send private message
pietinger
Moderator
Moderator


Joined: 17 Oct 2006
Posts: 5240
Location: Bavaria

PostPosted: Sun Dec 31, 2023 11:49 pm    Post subject: Reply with quote

It has 660 (not 600) and if your admin user (=you?) is in portage group it should work.
_________________
https://wiki.gentoo.org/wiki/User:Pietinger
Back to top
View user's profile Send private message
eeckwrk99
Apprentice
Apprentice


Joined: 14 Mar 2021
Posts: 232
Location: Gentoo forums

PostPosted: Mon Jan 01, 2024 12:08 am    Post subject: Reply with quote

pietinger wrote:
It has 660 (not 600)

Indeed, my bad. I edited OP. Thanks!

pietinger wrote:
and if your admin user (=you?) is in portage group it should work.

Yes, it works if your user is in portage group. But this is not recommended, see Hu's comment I linked in OP.
Back to top
View user's profile Send private message
pietinger
Moderator
Moderator


Joined: 17 Oct 2006
Posts: 5240
Location: Bavaria

PostPosted: Mon Jan 01, 2024 1:11 pm    Post subject: Reply with quote

Maybe the easiest solution is to chmod it to 664. Another way is to do a su - when doing some portage jobs (I do).

(Yes, there was a discussion about a more secure invocation of su ... but I have dev.tty.legacy_tiocsti = 0 in my sysctl.conf).
_________________
https://wiki.gentoo.org/wiki/User:Pietinger
Back to top
View user's profile Send private message
eeckwrk99
Apprentice
Apprentice


Joined: 14 Mar 2021
Posts: 232
Location: Gentoo forums

PostPosted: Mon Jan 01, 2024 2:31 pm    Post subject: Reply with quote

pietinger wrote:
Maybe the easiest solution is to chmod it to 664. Another way is to do a su - when doing some portage jobs (I do).

Sure, Im just using sudo or su - now. I'm just curious as to why it comes with 660 permissions. What kind of sensitive information would emerge.log contain to deny read access to a regular user? I don't know.

Now that I think about it, this is the same for failed compilations logs in /var/tmp/portage/category/name/temp/build.log.
Back to top
View user's profile Send private message
pietinger
Moderator
Moderator


Joined: 17 Oct 2006
Posts: 5240
Location: Bavaria

PostPosted: Mon Jan 01, 2024 7:08 pm    Post subject: Reply with quote

eeckwrk99 wrote:
[...] What kind of sensitive information would emerge.log contain to deny read access to a regular user? I don't know.

I don't know that either. Maybe only a developer from the security team can answer that ... or maybe it's just a mistake. Maybe you want to write a bug report ?
_________________
https://wiki.gentoo.org/wiki/User:Pietinger
Back to top
View user's profile Send private message
eeckwrk99
Apprentice
Apprentice


Joined: 14 Mar 2021
Posts: 232
Location: Gentoo forums

PostPosted: Mon Jan 01, 2024 7:48 pm    Post subject: Reply with quote

pietinger wrote:
or maybe it's just a mistake.

Considering all these log files (build logs, emerge.log, emerge-fetch.log...) seem to have 660 permissions, it suggests that it's done purposely.

I wonder what are the permissions for similar log files on other distros such as Debian, Fedora, Void...
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum