Access Greengrass logs as non root user

0

Hello all,
I'm trying to read Greengrass logs (system or Lambda) from a program which is not running as root. But all Greengrass logs are owned by root and have access mode 600. The path to the logs is also owned by root and has mode 700, which also denies other users access to them.

I tried changing the mode of the log files to 644 and the directories to 755, but after a Greengrass restart the original modes are restored. I also tried to set up a default ACL on the folder, hoping that new files would inherit the ACLs (which they do), but it seems that Greengrass forcibly changes the mode of new log files, which changes the ACL mask to 000, which also denies access to all other users.

Is there a way to modify the mode of log files (or the Greengrass write directory in general)? Or is there some hack which would allow reading Greengrass logs?

Thank you very much for the responses

Nuke
asked 4 years ago · 246 views
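
The ACL mask behaviour described in the question, as an added example that is not part of the original post and is not Greengrass code: a simplified Python model of the read check from acl(5), showing how a chmod to 600 rewrites the mask and cancels an inherited named-user entry. The `logreader` user and the sample ACL are constructed for illustration.

```python
# Simplified model of the permission check in acl(5); the sample ACL and
# the "logreader" user are constructed, not taken from a Greengrass system.
SAMPLE = """
user::rw-
user:logreader:r--   # named-user entry inherited from the default ACL
group::r--
mask::r--
other::---
"""

def parse_acl(text):
    """Parse getfacl-style lines into {(tag, qualifier): perms}."""
    acl = {}
    for line in text.strip().splitlines():
        tag, qualifier, perms = line.split("#")[0].strip().split(":")
        acl[(tag, qualifier)] = perms
    return acl

def to_perms(n):
    """Turn a 3-bit value into an 'rwx' style string."""
    return "".join(c if n & b else "-" for c, b in zip("rwx", (4, 2, 1)))

def chmod(acl, mode):
    """With a mask entry present, chmod's group bits rewrite the mask."""
    new = dict(acl)
    group_key = ("mask", "") if ("mask", "") in acl else ("group", "")
    new[("user", "")] = to_perms(mode >> 6 & 7)
    new[group_key] = to_perms(mode >> 3 & 7)
    new[("other", "")] = to_perms(mode & 7)
    return new

def can_read(acl, user, groups=(), owner="root", owning_group="root"):
    """Read check for one user (the root/CAP_DAC_OVERRIDE bypass is not modeled)."""
    masked = lambda p: "r" in p and "r" in acl.get(("mask", ""), "rwx")
    if user == owner:
        return "r" in acl[("user", "")]
    if ("user", user) in acl:
        return masked(acl[("user", user)])      # named users are limited by the mask
    matches = [acl[("group", g)] for g in groups if ("group", g) in acl]
    if owning_group in groups:
        matches.append(acl[("group", "")])
    if matches:
        return any(masked(p) for p in matches)  # group class is limited by the mask
    return "r" in acl[("other", "")]

if __name__ == "__main__":
    before = parse_acl(SAMPLE)
    after = chmod(before, 0o600)
    print("before:", can_read(before, "logreader"))
    print("after chmod 600:", after[("mask", "")], can_read(after, "logreader"))
```

The named-user entry itself survives the chmod; only the mask changes, which is why `getfacl` would still list the entry while reads fail.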
2 Answers
0

Hi,

Unfortunately this is not a feature we currently support; though this may be something we could add in a future release.

In the meantime, would you be able to publish your logs to CloudWatch (https://docs.aws.amazon.com/greengrass/latest/developerguide/greengrass-logs-overview.html#config-logs) and have this non-root program access them from there? This may be a workaround.

Thanks,
AV

AWS
answered 4 years ago
0

Hi,
thank you for the quick answer.

We are currently looking into using named pipes with 644 mode and a process which will copy the logs into this pipe. But CloudWatch might be an easier solution.

Atria
answered 4 years ago
