What is the best practice to allow a 3rd party health monitoring app to read the messages file. Since messages is a system file and is owned by root the app cannot read the file. I don't want to run the app as root so how should I allow the app to read the file. The read function is actually built into the apps binary so its not using /bin/view or /bin/more to read messages which I believe stops me from being able to add the permissions in the sudoers file.
Any thoughts or suggestions are greatly appreciated. Thanks.
What is your operating system ?
Most of modern unix and linux operating systems support ACLs.
Add the extra privilege to certain user(s) and/or groups only (the one who is running the monitoring client on same machine).
Depending on the operating system, this is done with setfacl or chmod (on solaris systems).
Hope that helps
Best regards
Peasant.
I would simply make the /var/log/messages world-readable.
This is traditional Unix standard, and works unless you have an application that logs sensitiv data. (And in this case the application should be fixed.)
Settings an ACL might fail e.g. after a logfile rotation.