How to Create a User in Ubuntu as Read-Only Access to Log Folder

LINUX
FUNDAMENTALS
A Complete Guide for Beginners Enroll Course Now

Ubuntu is a popular multiuser Linux distribution used by many system administrators. One common task of the OS is creating a new user with specific permissions. In this article, I will discuss how to create a user in Ubuntu as read-only access to the log folder. In some cases that is very useful to provide limited access to system logs while maintaining security and control over the system. So let’s begin the process where you will find the steps to create a new user, give it read-only access to the log folder, and also verify the access.

Process Flow Chart to Create User as Read-only to Log Folder:Process flow chart of ubuntu create user as read only to log folder.

[Distro Used Throughout the Tutorial: Ubuntu 22.04.1 LTS]

7 Steps to Create a User as Read-Only Access to Log Folder

Learning to create a new user and configure the necessary permissions for files & folders is a must-know knowledge for Ubuntu users. Since it assures security, system integrity, resource management, and personalization options while sharing specified files between multiple users, one key step may be to create a user as read-only access to the log folder.

In the following article, I will explain step-by-step processes to create a user with read-only access to the log folder in Ubuntu.

Step 1: Create a User in Ubuntu

The distribution provides two different commands to create a new user. First, create a user using the adduser or useradd command. Here, I will create a user using the adduser command which is the first step to create a user in Ubuntu as read-only access to the log folder. Follow these steps to do the same:

  1. Open your Ubuntu terminal application.
  2. Type the following command (the syntax is sudo adduser user_name) in your command prompt to create a user:
    sudo adduser logreader
    EXPLANATION
    • sudo: permits administrative privileges.
    • adduser: creates a new user.
    • logreader: name of the newly created user.
  3. Tap the ENTER key.
  4. Next, give the currently logged-in user password.
  5. Then, hit the ENTER button again.using the adduser command to create a user in ubuntu as read only access to log folder .
    EXPLANATION

    After entering the password, the command will add the new user to a new group, with the same name as the username, ‘logreader’. Moreover, it will create a home directory for storing the new user’s data.

    After that, the command copies the contents of the “/etc/skel” directory to the new user’s home directory. The “/etc/skel” directory contains a set of default files and directories which provide a basic set of files and settings for the user.

  6. Afterward, type & retype the new user password with other information. However, you can skip setting other information by pressing ENTER each time.

  7. Finally, press the ‘Y’ & then the ENTER key to confirm the new user creation:Set new password to create a user in ubuntu as read only access to log folder. There you go, you have successfully created a new user.

Step 2: Create a Group in Linux

Next, create a group using the addgroup command. Creating a group and adding the user to that group is necessary. Since it helps to assign read-only access to the log files to that specific user of the group, instead of giving access to all users on the system. Follow the below steps to create a group:

  1. Write the following command in the command prompt to add the new group named “logs”:
    sudo addgroup logs
    EXPLANATION
    • sudo: permits administrative privileges.
    • addgroup: Create a new group.
    • logs: Name of the group.
  2. Press the ENTER key.Create a group using the addgroup command to create a user in ubuntu as read only access to log folder. The addgroup command creates a new group named ‘logs’.

Step 3: Add the User to the Groups in Ubuntu

Afterward, add the user to the ‘logs’ group using the usermod command. Now by default, a new user is only a member of their own group. But to give the user any type of access permission or let modify any files or folders, in addition to the “logs” group you have to add it to the “sudo” group. So that it can have administrative privileges. Go through the below steps:

  1. Write the following command in the command prompt to add the new user to the groups “logs” & “sudo” using the syntax sudo usermod [Options] GROUP_NAMEs USER_NAME:
    sudo usermod -aG logs,sudo logreader
    EXPLANATION
    • usermod: Modifies assigned attributes to the user.
    • -aG: This option of the usermod command adds the user to an additional group.
    • logs: Name of the group.
    • logreader: User name.
  2. Press the ENTER key.Add user to the logs & sudo groups to create a user in ubuntu as read only access to log folder. The command after execution modifies the logreader user by adding it to the “logs” & “sudo” groups.
  3. Then, type the below command, to see if you have successfully added the user to the groups:
    id logreader
    EXPLANATION
    • id: Finds the identity of the specified USER.
  4.   Finally, tap the ENTER button.Id command in Linux. The id command output shows the UID, and GID of the new user, along with the groups (27 & 1002) it belongs to.


Step 4: Add the Log Folder to the Group

After you have added the new user to the log group, add the log folder to that group too using the chgrp command. Hence follow the below steps and command syntax:

  1. Type the following command (syntax: sudo chgrp GROUP_NAME /path/to/Log_Folder
    ) in the command prompt to set permissions to the drive:

    sudo chgrp logs /var/log
    EXPLANATION
    • chgrp: Alters group to which files or directories belong.
    • logs: Name of the group.
    • /var/log: Location path of the log folder.
  2. After that, press the ENTER button.
  3. Afterward, give the password and press ENTER again.Change group of the log folder. The chgrp command adds the log folder to the “logs” group.

Step 5: Change the Log Folder Permission

In this step, set the log folder permission as read-only for the group. For that use the chmod command. You can use the command in either absolute (numeric such as 750, 777) or symbolic mode ( with symbols like +, -, u, g, o, r, w, x) to set permissions to the folder. Here, I will use symbols with logical operators as command parameters. Check the below command syntax with the following steps:

  1. Type the following command in the command prompt to set permissions to the drive using the standard syntax sudo chmod +Permissions /path/to/the/drive:
    sudo chmod g+r /var/log
    EXPLANATION
    • chmod: Changes access permission of files & directories.
    • g+r: Adding (+) Read-Only (r) permission for the Groups (g).
    • /var/log: Log Folder location path.
  2. Next hit the ENTER button.Set permissions for the log folder. The chmod command adds read-only permissions to the group for the log folder and the logreader user is a member of that group.

Step 6: Switch to New User in Linux

After you have given the new user read-only access to the log folder, next let’s switch to the new user account to verify if you can access those files & read them. Therefore act according to the below steps:

  1. First, write the following command to switch to the new user account:
    su - logreader
    EXPLANATION
    • su: Substitutes User ID.
    • – or -l or –login: Log-in option of the su command.
    • logreader: User name.
  2. Next, press the ENTER key.switch user using the su command in linux. Upon execution, the su command switches to the ‘logreader’ user’s home directory.


Step 7: Access Log Folder & Read Log Files of Ubuntu

After switching to the new user, try to access the log folder using the cd command. Check the folder files list and then try to read them. Follow the below steps:

  1. Write the following command to change the working directory to the log folder:
    cd /var/log
    EXPLANATION
    • cd: Changes working directory.
    • /var/log: Location path of the log folder.
  2. Press the ENTER key.
  3. Next, check the log folders list using the ls command:
    ls -lh
    EXPLANATION
    • ls: Lists directory contents.
    • -l -h or -lh: Options of the ls command where -l gives long lists & -h shows output in human-readable size.
  4. Tap the ENTER key.Logs file list.
  5. After that try to open any of the log files to read using the nano text editor, write the below comments:
    nano syslog

    OR,

    nano bootstrap.log
    EXPLANATION
    • nano: Text editor for Unix-like systems.
    • syslog: One of the Log files.
    • log: One of the Log files.
    Open log file in nano editor to create a user in ubuntu as read only access to log folder.Open log file in nano editor to create a user in ubuntu as read only access to log folder.
  6. Hit the ENTER key after typing each command:Open log file in nano editor to create a user in ubuntu as read only access to log folder. The nano editor will pop up right away with the specified log file, as you can see from the upper pictures of the syslog file & bootstrap.log file that are opened in the editor.Open log file in nano editor to create a user in ubuntu as read only access to log folder. The logreader user can read these files but can’t write or modify them. Check the bottom note showing the message, “[File ‘syslog’ is unwritable]”. Since the user has only read-only access to these files.

Remove Read-Only Permissions from the Log Folder in Linux

So far you know how to give read-only access to the newly created user, now what if you want to remove the granted access? Check out the below steps to learn the process:

  1. First, open your terminal & switch to the new user by typing the below command:
    su - logreader
    EXPLANATION
    • su: Substitutes the USER account.
    • – or -l or –login: Log-in option of the su command.
    • logreader: User Name.
  2. Then, remove read-access from the user for the log folder using the following command:
    sudo chmod u-r /var/log
    EXPLANATION
    • chmod u-r: The chmod command with symbolical operators (u-r), where ‘u’ is for the user and ‘r’ is for read permission. And the minus ‘-’ sign is used for removing.
  3. Next, change the current working directory from the user’s home directory to the log folder directory and see the list of log files:
    cd /var/log
    ls -lh
    EXPLANATION
    • cd: Changes working directory.
    • /var/log: Log folder location path.
    • ls: Lists directory contents.
    Delete read-only access from the user of the log folder.
    EXPLANATION

    See the output image, the su command is substituting the user for the logreader.  After that, when you are logged in with the logreader user, remove the read-only access permission from the user (u-r) for the log folder. Then cd into the log folder and view the files list with the ls command.

  4. From the list of files, try to open & read any of the log files in the nano editor. Let’s try to open the syslog file:
    nano syslog
    EXPLANATION
    • nano: Text editor for Unix-like systems.
    • syslog: One of the Log files.
    Open log file in nano editor.
  5. Finally, Press the ENTER button.The log file is unreadable. The syslog file is unreadable. The user has no read permission for the log folder, thus it won’t be able to read or open any of the log folder files. Hence, you have successfully removed the read permission from the logreader user.


Give Read-Only Permission to a Specific Log File in Linux

In the upper example, you have read about giving the newly created user read-only access to the log folder. Now, what if you just want to give him/her read access to a specified file from the folder instead of the entire folder? In that case, the process is almost the same except that now you have to mention the path of the file inside the log folder so that you can successfully create a Ubuntu user with read-only access to the log folder with specificity.

For the process add the specified log file to the ‘logs’ group instead of the entire folder. And then change permission for that file. Read through the below steps where I will give the user read-only access to the “syslog” file:

  1.   In your Ubuntu terminal write the following command to change the “syslog” file group to “logs”:
    sudo chgrp logs /var/log/syslog
    EXPLANATION
    • chgrp: Alters group to which file or directory belongs.
    • logs: Group name.
    • /var/log/syslog: Location path of the log file “syslog”.
  2. Press the ENTER button.Change group of the log file using chgrp command in Linux.
  3. After that, change the ‘syslog’ file permission using the below command:
    sudo chmod g+r /var/log/syslog
    EXPLANATION
    • chmod: Changes access permission of files & directories.
    • g+r: Adding (+) Read-Only (r) permission for the Groups (g).
    • /var/log/syslog: Location path of the log file “syslog”.
  4. Next, tap the ENTER button.Set permissions for the log file using the chmod command in Linux.

    Then follow Step 6: Switch to New User in Linux” to switch to the logreader user.
  5. After switching to the new user, change the working directory from the user’s home to the log folder using the cd command and check the “syslog” files list using the grep command to the output of the ls command. Type as follows:

    cd /var/log
    ls -lh | grep syslog
    EXPLANATION
    • ls: Lists directory contents.
    • -l -h or -lh: Options of the ls command where -l gives long lists & -h shows output in human-readable size.
    • grep: Looks for a specific pattern given to it as an argument.
    • syslog: One of the log files.
    Check all syslog files from the log folder. From the output, you can see the “syslog” file is situated inside the “logs” group. And, from the permissions parameter (-rw-r—–), you can also notice that the group has only read permission to the file.
  6.   Afterward, try to open the syslog file with the nano editor:
    nano syslog
    EXPLANATION
    • nano: Linux text editor.
    • syslog: One of the log files.
    Open log file in nano editor.
  7. At this point, Hit the ENTER button.The syslog file is readable but not writeble. See from the nano editor, that the logreader user can read the “syslog” file but can not write or modify it. Since the user only has read access.
  8. Afterward, let’s try to open any other file to which the user doesn’t have read access. For example, open the syslog.1 file using the nano editor.

    nano syslog.1
    EXPLANATION
    • nano: Linux text editor.
    • syslog.1: One of the log files.
    Open log file in nano editor.
  9. Finally press the ENTER key again.The log file is not readable.
    EXPLANATION

    After the nano editor opened the “syslog.1” file, as you can see from the output picture, it showed the message “ERROR reading syslog.1: Permission denied”. Since the user does not have read permission for this file or any other files from the log folder, only the syslog file.

Conclusion

In conclusion, the process of creating a new user in Ubuntu as read-only access to the log folder is a simple yet effective security measure. It allows the user to view system logs without being able to modify them since it is helpful for troubleshooting & monitoring purposes. Throughout the article, I discussed the process with practical examples. Besides, I added some complementary info that will be helpful to gather some extra knowledge. Hope the article helps you learn how to create a user as read-only access to the log folder in Ubuntu and make you a better Linux user.

People Also Ask

What does chmod 644 mean?

“chmod 644“ is a Linux command that sets the file permissions to read and write for the file owner, while read-only for the group owner and others.  Where 6 (binary 110) is indicating r-w for the owner & the next two 4 (binary 100) indicate read-only for the group & others.

How do I restrict the user from being able to log into Linux?

To restrict a user from being able to log into Linux, you can modify the user’s login shell to a non-existent shell. Hence, find out the user’s login shell using the “getent passwd user_name” command & then change the shell using the usermod command with the –shell option & set ‘nologin’. Use this command syntax “sudo usermod -s /sbin/nologin user_name”.

How do I restrict access to a folder in Ubuntu?

You can restrict access to a folder in Ubuntu by changing its permissions using the ‘chmod’ command. Hence, use any symbols or absolute values with the command as per your need for permission settings. For example, “chmod 700” sets permission rwx for the owner & no permission for groups & others.

How do I restrict a user to a specific directory in Linux?

You can restrict a user to a specific directory in Linux by setting their home directory to the directory you want to restrict them to. Therefore create the user by specifying the home directory that is by providing the directory location path. Next, change the directory owner to the owner & set the permission for the directory to 700.

How do I give a user permission special in Linux?

To give a user special permissions in Linux, you can use the “sudo” command. Sudo stands for “superuser do”, and it allows a user with administrative privileges to execute a command as another user or with elevated privileges. After creating a user, add it to the “sudo” group, which allows the user to use the “sudo” command.

What are ACL permissions in Linux?

ACL stands for Access Control List. They are used to extend the standard Linux file permission system by allowing specific permissions for individual users or groups. With ACLs. you can set permissions such as read, write, execute, and delete and specify which users or groups have access to the file or directory.

How do I give someone permission for a command?

To give someone permission in Linux, you can use the “sudo” command. As you need to be a root user or superuser to run some commands, the sudo command elevates that. Thus, add the user to the sudo group. That way, the user will be able to use the sudo command before other commands.

How do I switch user in Ubuntu?

To switch user in Ubuntu, use the su command followed by the user name you want to switch to. Open the terminal and type su username, replace the username with the name of the target user, and enter the user’s password to successfully switch the target user’s environment.

How do I chmod to a specific user?

It is not possible to use the ‘chmod’ command to assign permissions to a specific user. Instead, you can use the ‘chown’ command to change the ownership of a file or directory. By changing the ownership, you can assign permissions to a specific user or group.

Relaed Articles

Rate this post
Monira Akter Munny

Hello!! This is Monira Akter Munny. I'm a Linux content developer executive here, at SOFTEKO company. I have completed my B.Sc. in Engineering from Rajshahi University of Engineering & Technology in the Electrical & Electronics department. I'm more of an online gaming person who also loves to read blogs & write. As an open-minded person ready to learn & adapt to new territory, I'm always excited to explore the Linux world & share it with you! Read Full Bio

Leave a Comment