Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

set acl for read rights #212

Open
johanvdw opened this issue Mar 12, 2024 · 3 comments · May be fixed by #223
Open

set acl for read rights #212

johanvdw opened this issue Mar 12, 2024 · 3 comments · May be fixed by #223

Comments

@johanvdw
Copy link

This is a proposal. Using the code below it is possible to give the promtail user read access to /var/log regardless of the mode/owner. Is this something desirable for this role? Should it be configurable which paths get this access?

- name: Set ACL for promtail on /var/log
  acl:
    path: /var/log
    entity: promtail
    rights: rX
    recursive: yes
    state: present
@patrickjahns
Copy link
Owner

Thank you for your suggestion :-) - would you be able to sent a pull request for this?

@eschulma
Copy link

The role already adds promtail to the adm group, which has these read rights by default. If someone is hiding a log file from adm (due to sensitive information?) perhaps that should be respected.

@johanvdw
Copy link
Author

At least in our setup, I noticed quite a lot of files which were not group-owned by adm, and not all had easy switches to change it.
Perhaps a nice intermediate solution would be a list of paths (or files) for which you want this, defaulting to an empty list.

johanvdw added a commit to johanvdw/ansible-role-promtail that referenced this issue Apr 30, 2024
@johanvdw
Add option to grant read access to paths
65520bf 
Closes patrickjahns#212 : allows adding a list of paths which should
get read access
@johanvdw johanvdw linked a pull request Apr 30, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add option to grant read access to paths using ACL johanvdw/ansible-role-promtail
3 participants
@johanvdw @eschulma @patrickjahns