Access Greengrass logs as non root user

0

Hello all,
I'm trying to read Greengrass logs (system or Lambda) from a program which is not running as root. But all Greengrass logs are owned by root and have access mode 600. The path to the logs is also owned by root and has mode 700, which also denies other users access to them.

I tried changing the mode of the log files to 644 and the directories to 755, but after a Greengrass restart the original modes are restored. I also tried to set up a default ACL on the folder, hoping that new files would inherit the ACLs (which they do), but it seems that Greengrass forcibly changes the mode of new log files, which changes the ACL mask to 000, which also denies access to all other users.

Is there a way to modify the mode of log files (or the Greengrass write directory in general)? Or is there some hack which would allow reading Greengrass logs?

Thank you very much for the responses

Nuke
asked 4 years ago · 252 views
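Why the inherited ACL stops granting access once the file mode is reset, as an added example that is not part of the original post and is not AWS code. It models Linux POSIX ACL evaluation on a constructed ACL; the user name `logreader` and the file name are assumptions.

```python
# Added example: models Linux POSIX ACL evaluation; it touches no real files.
# The ACL text and the user name "logreader" are constructed.

def parse_acl(text):
    """Parse getfacl-style lines ("tag:qualifier:perms") into {(tag, qualifier): perms}."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments such as "# file: ..."
        if line:
            tag, qualifier, perms = line.split(":")
            acl[(tag, qualifier)] = perms
    return acl

def rwx(bits):
    """Turn a 3-bit value (0-7) into an "rwx" style string."""
    return "".join(c if bits & b else "-" for c, b in zip("rwx", (4, 2, 1)))

def chmod(acl, mode):
    """Model chmod on a file whose ACL has a mask entry: owner and other
    entries take the owner and other bits, and the group bits are written
    to the mask entry, not to the owning group entry."""
    new = dict(acl)
    new[("user", "")] = rwx(mode >> 6 & 7)
    new[("mask", "")] = rwx(mode >> 3 & 7)
    new[("other", "")] = rwx(mode & 7)
    return new

def effective(acl, tag, qualifier=""):
    """Effective rights of one entry: named users, named groups and the owning
    group are ANDed with the mask; the owner and other entries are not."""
    perms = acl[(tag, qualifier)]
    if (tag, qualifier) in (("user", ""), ("other", "")) or ("mask", "") not in acl:
        return perms
    mask = acl[("mask", "")]
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))

# Constructed ACL of a new log file that inherited a default ACL granting
# read access to the hypothetical user "logreader".
INHERITED = parse_acl("""
# file: example.log (constructed)
user::rw-
user:logreader:r--
group::r--
mask::r--
other::---
""")

AFTER_CHMOD = chmod(INHERITED, 0o600)   # the mode the question reports on log files
```

The `user:logreader:r--` entry is still present after the mode change, but its effective rights are `---` because the mask is now empty; on a real system `getfacl` shows this as an `#effective:---` annotation.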
2 Answers
0

Hi,

Unfortunately this is not a feature we currently support; though this may be something we could add in a future release.

In the meantime, would you be able to publish your logs to CloudWatch (https://docs.aws.amazon.com/greengrass/latest/developerguide/greengrass-logs-overview.html#config-logs) and have this non-root program access them from there? This may be a workaround.

Thanks,
AV

AWS
answered 4 years ago
0

Hi,
thank you for the quick answer.

We are currently looking into using named pipes with 644 mode and a process which will copy the logs into this pipe. But CloudWatch might be an easier solution.

Atria
answered 4 years ago