2

I'm running zabbix-agent on a centos 7 machine under user/group zabbix. I want to give the zabbix user access to a couple of log files in folders under:

/var/log
/usr/local/cpanel/logs/

What is the best way to give that user access to those files. Since for example /var/log/messages is owned by root, I can't just chmod the files to zabbix. Also running the zabbix agent under root sounds like a bad plan.

What is the best approach? should I use setfacl? If I use setfacl, should I add rights to all preceding folders as well?

Thanks

smonff
  • 346
  • 2
  • 5
  • 15
mitch2k
  • 161
  • 2
  • 7

1 Answers1

2

You could add zabbix user to adm group to read logs in /var/log and add to respective group to have access to /usr/local/cpanel/logs/.

adm: Group adm is used for system monitoring tasks. Members of this group can read many log files in /var/log, and can use xconsole. Historically, /var/log was /usr/adm (and later /var/adm), thus the name of the group.

Alexander Tolkachev
  • 4,608
  • 3
  • 14
  • 23