How to Create a User in Ubuntu as Read-Only Access to Log Folder

Ubuntu is a popular multiuser Linux distribution used by many system administrators. One common task of the OS is creating a new user with specific permissions. In this article, I will discuss how to create a user in Ubuntu as read-only access to the log folder. In some cases that is very useful to provide limited access to system logs while maintaining security and control over the system. So let’s begin the process where you will find the steps to create a new user, give it read-only access to the log folder, and also verify the access.

Key Takeaways

• Learn to create a new user as read-only access to the log folder in Ubuntu.
• Build a solid foundation for managing user accounts and file permissions.
• Get familiar with the chgrp, addgroup, chmod, chown, usermod & some other commands in Linux.

Requirements

• To create a user and remove or modify folder permissions in Ubuntu, you must either be the root user or have root/sudo privileges.

Process Flow Chart

Distro Used Throughout the Tutorial: Ubuntu 22.04.1 LTS

Watch How to Create a User as Read-Only Access to the Log Folder

7 Steps to Create a User as Read-Only Access to the Log Folder

Learning to create a new user and configure the necessary permissions for files & folders is a must-know knowledge for Ubuntu users. Since it assures security, system integrity, resource management, and personalization options while sharing specified files between multiple users.

In the following article, I will explain step-by-step processes to create a user with read-only access to the log folder in Ubuntu.

Step 1: Create a User in Ubuntu

The distribution provides two different commands to create a new user. First, create a user using the adduser or useradd command. Here, I will create a user using the adduser command.

Steps to Follow >

➊ Open your Ubuntu terminal application.

➋ Type the following command in your command prompt to create a user:

sudo adduser logreader

➌ Tap the ENTER key.

➍ Next, give the currently logged-in user password.

➎ Then, hit the ENTER button again.

➏ Afterward, type & retype the new user password with other information. However, you can skip setting other information by pressing ENTER each time.

➐ Finally, press the ‘Y’ & then the ENTER key to confirm the new user creation. There you go, you have successfully created a new user.

Step 2: Create a Group in Linux

Next, create a group using the addgroup command. Creating a group and adding the user to that group is necessary. Since it helps to assign read-only access to the log files to that specific user of the group, instead of giving access to all users on the system. Follow the below steps to create a group.

Steps to Follow >

➊ Write the following command in the command prompt to add the new group named “logs”:

sudo addgroup logs

➋ Press the ENTER key. The addgroup command creates a new group named ‘logs’.

Step 3: Add the User to the Groups in Ubuntu

Afterward, add the user to the ‘logs’ group using the usermod command. Now by default, a new user is only a member of their own group. But to give the user any type of access permission or let modify any files or folders, in addition to the “logs” group you have to add it to the “sudo” group. So that it can have administrative privileges. Go through the below steps.

Steps to Follow >

➊ Write the following command in the command prompt to add the new user to the groups “logs” & “sudo”:

Syntax: sudo usermod [Options] GROUP_NAMEs USER_NAME

sudo usermod -aG logs,sudo logreader

➋ Press the ENTER key. The command after execution is modifying the logreader user by adding it to the “logs” & “sudo” groups.

➌ Then, type the below command, to see if you have successfully added the user to the groups:

id logreader

➍  Finally, tap the ENTER button. The id command output shows the UID, and GID of the new user, along with the groups (27 & 1002) it belongs to.

---

• How to Create a Jenkins User on Ubuntu? [2 Methods]
• How to Create MySQL User in Ubuntu? [2 Cases]
• Create User Without Home Directory in Ubuntu in Just 3 Steps
• How to Create a User in Docker Container Without Docker File?

---

Step 4: Add the Log Folder to the Group

After you have added the new user to the log group, add the log folder to that group too using the chgrp command. Hence follow the below steps and command syntax:

Steps to Follow >

➊ Type the following command in the command prompt to set permissions to the drive:

Syntax: sudo chgrp GROUP_NAME /path/to/Log_Folder

sudo chgrp logs /var/log

➋ After that, press the ENTER button.

➌ Afterward, give the password and press ENTER again. The chgrp command adds the log folder to the “logs” group.

Step 5: Change the Log Folder Permission

In this step, set the log folder permission as read-only for the group. For that use the chmod command. You can use the command in either absolute (numeric such as 750, 777) or symbolic mode ( with symbols like +, -, u, g, o, r, w, x) to set permissions to the folder. Here, I will use symbols with logical operators as command parameters. Check the below command syntax with the following steps:

Steps to Follow >

➊ Type the following command in the command prompt to set permissions to the drive:

Syntax: sudo chmod +Permissions /path/to/the/drive

sudo chmod g+r /var/log

➋ Next hit the ENTER button. The chmod command adds read-only permissions to the group for the log folder and the logreader user is a member of that group.

Step 6: Switch to New User in Linux

After you have given the new user read-only access to the log folder, next let’s switch to the new user account to verify if really access those files & read them. Therefore act according to the below steps.

Steps to Follow >

➊ First, write the following command to switch to the new user account:

su - logreader

➋ Next, press the ENTER key. Upon execution, the su command switches to the ‘logreader’ user’s home directory.

---

• How to Create Multiple Users in Linux? [2 Methods]
• How to Create a Root User in Ubuntu [Step-by-Step]
• How to Create User Account in Ubuntu with Public Key
• Create A User in Ubuntu that Runs a Script and Logs Out [4 Steps]

---

Step 7: Access the Log Folder & Read the Log Files of Ubuntu

After switching to the new user, try to access the log folder using the cd command. Check the folder files list and then try to read them. Follow the below steps.

Steps to Follow >

➊ Write the following command to change the working directory to the log folder:

cd /var/log

➋ Press the ENTER key.

➌ Next, check the log folders list using the ls command:

ls -lh

➍ Tap the ENTER key. ➎ After that try to open any of the log files to read using the nano text editor, write the below comments:

nano syslog

OR,

nano bootstrap.log

➏ Hit the ENTER key after typing each command. The nano editor will pop up right away with the specified log file, as you can see from the upper pictures of the syslog file & bootstrap.log file that are opened in the editor. The logreader user can read these files but can’t write or modify them. Check the bottom note that is showing the message, “[File ‘syslog’ is unwritable]”. Since the user has only read-only access to these files.

Complementary Information

Besides, knowing how to create a new user as read-only access to the log folder in Ubuntu, you will find the information below helpful.

How to Remove Read-Only Permissions from the Log Folder in Linux

So far you know how to give read-only access to the newly created user, now what if you want to remove the granted access? Check out the below steps to learn the process:

Steps to Follow >

➊ First, open your terminal & switch to the new user by typing the below command:

su - logreader

➋ Then, remove read-access from the user for the log folder using the following command:

sudo chmod u-r /var/log

➌ Next, change the current working directory from the user’s home directory to the log folder directory and see the list of log files:

cd /var/log

ls -lh

➎ From the list of files, try to open & read any of the log files in the nano editor. Let’s try to open the syslog file.

nano syslog

➏ Finally Press the ENTER button. The syslog file is unreadable. The user has no read permission for the log folder, thus it won’t be able to read or open any of the log folder files. Hence, you have successfully removed the read permission from the logreader user.

---

• How to Create an FTP User in Ubuntu? [Step-by-Step]
• Create a New SFTP User in Ubuntu with a New SSH Key
• How to Create Group and Add User in Ubuntu? [2 Cases]
• Create FTP User for Specific Directory in Ubuntu [4 Steps]

---

How to Give Read-Only Permission to a Specific Log File in Linux

In the upper example, you have read about giving the newly created user read-only access to the log folder. Now, what if you just want to give him/her read access to a specified file from the folder instead of the entire folder? In that case, the process is almost the same except that now you have to mention the path of the file inside the log folder.

For the process add the specified log file to the ‘logs’ group instead of the entire folder. And then change permission for that file. Read through the below steps where I will give the user read-only access to the “syslog” file.

Steps to Follow >

➊  In your Ubuntu terminal write the following command to change the “syslog” file group to “logs”:

sudo chgrp logs /var/log/syslog

➋ Press the ENTER button. ➌ After that, change the ‘syslog’ file permission using the below command:

sudo chmod g+r /var/log/syslog

➍ Next, tap the ENTER button.

➎ After switching to the new user, change the working directory from the user’s home to the log folder using the cd command and check the “syslog” files list using the grep command to the output of the ls command. Type as follows:

cd /var/log

ls -lh | grep syslog

From the output, you can see the “syslog” file is situated inside the “logs” group. And from the permissions parameter (-rw-r—–), you can also notice that the group has only read permission to the file.

➏  Afterward, try to open the syslog file with the nano editor:

nano syslog

➐ At this point, Hit the ENTER button. See from the nano editor, the logreader user can read the “syslog” file but can not write or modify it. Since the user only has read access.

➑ Afterward, let’s try to open any other file to which the user doesn’t have read access. For example, open the syslog.1 file using the nano editor.

nano syslog.1

➒ Finally press the ENTER key again.

Conclusion

In conclusion, the process to create a new user in Ubuntu as read-only access to the log folder is a simple yet effective security measure. It allows the user to view system logs without being able to modify them since it is helpful for troubleshooting & monitoring purposes. Throughout the article, I discussed the process with practical examples. Besides, I added some complementary info that will be helpful to gather some extra knowledge. Hope the article helps you in learning!

People Also Ask

Relaed Articles

• How to Create User and Add to Sudo in Ubuntu? [2 Methods]
• 2 Ways to Create a User With Access to a Drive in Ubuntu
• How to Create a New User in Ubuntu by GUI? [Step-by-Step]
• 2 Ways to Create User Account in Ubuntu Using Terminal
• How to Create Home Directory for Existing User in Ubuntu
• Create User with UID and GID in Ubuntu? [3 Scenarios]
• How to Create a Sudo User in Ubuntu? [Step-by-Step]