Ubuntu is a popular multiuser Linux distribution used by many system administrators. One common task of the OS is creating a new user with specific permissions. In this article, I will discuss how to create a user in Ubuntu as read-only access to the log folder. In some cases that is very useful to provide limited access to system logs while maintaining security and control over the system. So let’s begin the process where you will find the steps to create a new user, give it read-only access to the log folder, and also verify the access.
Key Takeaways
- Learn to create a new user as read-only access to the log folder in Ubuntu.
- Build a solid foundation for managing user accounts and file permissions.
- Get familiar with the chgrp, addgroup, chmod, chown, usermod & some other commands in Linux.
Requirements
- To create a user and remove or modify folder permissions in Ubuntu, you must either be the root user or have root/sudo privileges.
Process Flow Chart
Distro Used Throughout the Tutorial: Ubuntu 22.04.1 LTS
Watch How to Create a User as Read-Only Access to the Log Folder
7 Steps to Create a User as Read-Only Access to the Log Folder
Learning to create a new user and configure the necessary permissions for files & folders is a must-know knowledge for Ubuntu users. Since it assures security, system integrity, resource management, and personalization options while sharing specified files between multiple users.
In the following article, I will explain step-by-step processes to create a user with read-only access to the log folder in Ubuntu.
Step 1: Create a User in Ubuntu
The distribution provides two different commands to create a new user. First, create a user using the adduser or useradd command. Here, I will create a user using the adduser command.
Steps to Follow >
➊ Open your Ubuntu terminal application.
➋ Type the following command in your command prompt to create a user:
sudo adduser logreader
- sudo: permits administrative privileges.
- adduser: creates a new user.
- logreader: name of the newly created user.
➌ Tap the ENTER key.
➍ Next, give the currently logged-in user password.
➎ Then, hit the ENTER button again.
After entering the password, the command will add the new user to a new group, with the same name as the username, ‘logreader’. Moreover, it will create a home directory for storing the new user’s data.
After that, the command copies the contents of the “/etc/skel” directory to the new user’s home directory. The “/etc/skel” directory contains a set of default files and directories which provide a basic set of files and settings for the user.
➏ Afterward, type & retype the new user password with other information. However, you can skip setting other information by pressing ENTER each time.
➐ Finally, press the ‘Y’ & then the ENTER key to confirm the new user creation. There you go, you have successfully created a new user.
Step 2: Create a Group in Linux
Next, create a group using the addgroup command. Creating a group and adding the user to that group is necessary. Since it helps to assign read-only access to the log files to that specific user of the group, instead of giving access to all users on the system. Follow the below steps to create a group.
Steps to Follow >
➊ Write the following command in the command prompt to add the new group named “logs”:
sudo addgroup logs
- sudo: permits administrative privileges.
- addgroup: Create a new group.
- logs: Name of the
➋ Press the ENTER key. The addgroup command creates a new group named ‘logs’.
Step 3: Add the User to the Groups in Ubuntu
Afterward, add the user to the ‘logs’ group using the usermod command. Now by default, a new user is only a member of their own group. But to give the user any type of access permission or let modify any files or folders, in addition to the “logs” group you have to add it to the “sudo” group. So that it can have administrative privileges. Go through the below steps.
Steps to Follow >
➊ Write the following command in the command prompt to add the new user to the groups “logs” & “sudo”:
Syntax: sudo usermod [Options] GROUP_NAMEs USER_NAME
sudo usermod -aG logs,sudo logreader
- usermod: Modifies assigned attributes to the user.
- -aG: This option of the usermod command adds the user to an additional group.
- logs: Name of the
- logreader: User name.
➋ Press the ENTER key. The command after execution is modifying the logreader user by adding it to the “logs” & “sudo” groups.
➌ Then, type the below command, to see if you have successfully added the user to the groups:
id logreader
- id: Finds the identity of the specified USER.
➍ Finally, tap the ENTER button. The id command output shows the UID, and GID of the new user, along with the groups (27 & 1002) it belongs to.
- How to Create a Jenkins User on Ubuntu? [2 Methods]
- How to Create MySQL User in Ubuntu? [2 Cases]
- Create User Without Home Directory in Ubuntu in Just 3 Steps
- How to Create a User in Docker Container Without Docker File?
Step 4: Add the Log Folder to the Group
After you have added the new user to the log group, add the log folder to that group too using the chgrp command. Hence follow the below steps and command syntax:
Steps to Follow >
➊ Type the following command in the command prompt to set permissions to the drive:
Syntax: sudo chgrp GROUP_NAME /path/to/Log_Folder
sudo chgrp logs /var/log
- chgrp: Alters group to which files or directory belongs.
- logs: Name of the
- /var/log: Location path of the log folder.
➋ After that, press the ENTER button.
➌ Afterward, give the password and press ENTER again. The chgrp command adds the log folder to the “logs” group.
Step 5: Change the Log Folder Permission
In this step, set the log folder permission as read-only for the group. For that use the chmod command. You can use the command in either absolute (numeric such as 750, 777) or symbolic mode ( with symbols like +, -, u, g, o, r, w, x) to set permissions to the folder. Here, I will use symbols with logical operators as command parameters. Check the below command syntax with the following steps:
Steps to Follow >
➊ Type the following command in the command prompt to set permissions to the drive:
Syntax: sudo chmod +Permissions /path/to/the/drive
sudo chmod g+r /var/log
- chmod: Changes access permission of files & directories.
- g+r: Adding (+) Read-Only (r) permission for the Groups (g).
- /var/log: Log Folder location path.
➋ Next hit the ENTER button. The chmod command adds read-only permissions to the group for the log folder and the logreader user is a member of that group.
Step 6: Switch to New User in Linux
After you have given the new user read-only access to the log folder, next let’s switch to the new user account to verify if really access those files & read them. Therefore act according to the below steps.
Steps to Follow >
➊ First, write the following command to switch to the new user account:
su - logreader
- su: Substitutes User ID.
- – or -l or –login: Log-in option of the su
- logreader: User name.
➋ Next, press the ENTER key. Upon execution, the su command switches to the ‘logreader’ user’s home directory.
- How to Create Multiple Users in Linux? [2 Methods]
- How to Create a Root User in Ubuntu [Step-by-Step]
- How to Create User Account in Ubuntu with Public Key
- Create A User in Ubuntu that Runs a Script and Logs Out [4 Steps]
Step 7: Access the Log Folder & Read the Log Files of Ubuntu
After switching to the new user, try to access the log folder using the cd command. Check the folder files list and then try to read them. Follow the below steps.
Steps to Follow >
➊ Write the following command to change the working directory to the log folder:
cd /var/log
- cd: Changes working directory.
- /var/log: Location path of the log folder.
➋ Press the ENTER key.
➌ Next, check the log folders list using the ls command:
ls -lh
- ls: Lists directory contents
- -l -h or -lh: Options of the ls command where -l gives long lists & -h shows output in human-readable size.
➍ Tap the ENTER key. ➎ After that try to open any of the log files to read using the nano text editor, write the below comments:
nano syslog
OR,
nano bootstrap.log
- nano: Text editor for Unix-like
- syslog: One of the Log files.
- log: One of the Log files.
Complementary Information
Besides, knowing how to create a new user as read-only access to the log folder in Ubuntu, you will find the information below helpful.
How to Remove Read-Only Permissions from the Log Folder in Linux
So far you know how to give read-only access to the newly created user, now what if you want to remove the granted access? Check out the below steps to learn the process:
Steps to Follow >
➊ First, open your terminal & switch to the new user by typing the below command:
su - logreader
- su: Substitutes the USER
- – or -l or –login: Log-in option of the su
- logreader: User Name.
➋ Then, remove read-access from the user for the log folder using the following command:
sudo chmod u-r /var/log
- chmod u-r: The chmod command with symbolical operators (u-r), where ‘u’ is for the user and ‘r’ is for read permission. And the minus ‘-’ sign is used for
➌ Next, change the current working directory from the user’s home directory to the log folder directory and see the list of log files:
cd /var/log
ls -lh
- cd: Changes working directory.
- /var/log: Log folder location path.
- ls: Lists directory contents.
See the output image, the su command is substituting the user for the logreader. After that, when you are logged in with the logreader user, remove the read-only access permission from the user (u-r) for the log folder. Then cd into the log folder and view the files list with the ls command.
➎ From the list of files, try to open & read any of the log files in the nano editor. Let’s try to open the syslog file.
nano syslog
- nano: Text editor for Unix-like
- syslog: One of the Log files.
- How to Create an FTP User in Ubuntu? [Step-by-Step]
- Create a New SFTP User in Ubuntu with a New SSH Key
- How to Create Group and Add User in Ubuntu? [2 Cases]
- Create FTP User for Specific Directory in Ubuntu [4 Steps]
How to Give Read-Only Permission to a Specific Log File in Linux
In the upper example, you have read about giving the newly created user read-only access to the log folder. Now, what if you just want to give him/her read access to a specified file from the folder instead of the entire folder? In that case, the process is almost the same except that now you have to mention the path of the file inside the log folder.
For the process add the specified log file to the ‘logs’ group instead of the entire folder. And then change permission for that file. Read through the below steps where I will give the user read-only access to the “syslog” file.
Steps to Follow >
➊ In your Ubuntu terminal write the following command to change the “syslog” file group to “logs”:
sudo chgrp logs /var/log/syslog
- chgrp: Alters group to which files or directory belongs.
- logs: Group name.
- /var/log/syslog: Location path of the log file “syslog”.
➋ Press the ENTER button. ➌ After that, change the ‘syslog’ file permission using the below command:
sudo chmod g+r /var/log/syslog
- chmod: Changes access permission of files & directories.
- g+r: Adding (+) Read-Only (r) permission for the Groups (g).
- /var/log/syslog: Location path of the log file “syslog”.
➍ Next, tap the ENTER button.
➎ After switching to the new user, change the working directory from the user’s home to the log folder using the cd command and check the “syslog” files list using the grep command to the output of the ls command. Type as follows:
cd /var/log
ls -lh | grep syslog
- ls: Lists directory contents
- -l -h or -lh: Options of the ls command where -l gives long lists & -h shows output in human-readable size.
- grep: Looks for a specific pattern given to it as an argument.
- syslog: One of the log files.
➏ Afterward, try to open the syslog file with the nano editor:
nano syslog
- nano: Linux text editor.
- syslog: One of the log files.
➑ Afterward, let’s try to open any other file to which the user doesn’t have read access. For example, open the syslog.1 file using the nano editor.
nano syslog.1
- nano: Linux text editor
- syslog.1: One of the log files.
After the nano editor opened the “syslog.1” file, as you can see from the output picture, it is showing the message “ERROR reading syslog.1: Permission denied”. Since the user does not have read permission for this file or any other files from the log folder, only the syslog file.
Conclusion
In conclusion, the process to create a new user in Ubuntu as read-only access to the log folder is a simple yet effective security measure. It allows the user to view system logs without being able to modify them since it is helpful for troubleshooting & monitoring purposes. Throughout the article, I discussed the process with practical examples. Besides, I added some complementary info that will be helpful to gather some extra knowledge. Hope the article helps you in learning!
People Also Ask
Relaed Articles
- How to Create User and Add to Sudo in Ubuntu? [2 Methods]
- 2 Ways to Create a User With Access to a Drive in Ubuntu
- How to Create a New User in Ubuntu by GUI? [Step-by-Step]
- 2 Ways to Create User Account in Ubuntu Using Terminal
- How to Create Home Directory for Existing User in Ubuntu
- Create User with UID and GID in Ubuntu? [3 Scenarios]
- How to Create a Sudo User in Ubuntu? [Step-by-Step]