Question

Grant standard user access to system.log in Console.app



A number of years ago Apple changed access to the system.log file (and others) so that only admin level users could read them. In the name of 'security' I'm assuming. We don't allow non-standard users on our devices however, and one of our developers needs to be able to read the affected logs and can't.

I've tried editing the sudoers file and adding the user to access /System/Applications/Utilities/Console.app, and using a policy to try and open Console. But Console just complains and doesn't work. I could change the permissions on the affected log files, but that'll be reversed as soon as the OS rotates the logs...

Is there a simpler method, or something I'm not thinking of?

Allowing the user temporary admin access isn't a solution either unfortunately.

5 replies

  • Valued Contributor
  • 231 replies
  • November 17, 2023

I would try adding an ACE/ACL, and see if that persists, though it might well not. Failing that, would it be acceptable to apply an ACE/ACL with inheritance to the folder /var/log? Inheritance might maintain access even as the logs rotated.


  • Author
  • Valued Contributor
  • 401 replies
  • November 17, 2023
joshuasee wrote:

I would try adding an ACE/ACL, and see if that persists, though it might well not. Failing that, would it be acceptable to apply an ACE/ACL with inheritance to the folder /var/log? Inheritance might maintain access even as the logs rotated.


An ACE/ACL for /var/log might be acceptable. I'll look into it... TY!


  • New Contributor
  • 2 replies
  • April 23, 2024

Any updates on this? 


  • Author
  • Valued Contributor
  • 401 replies
  • April 24, 2024

Unfortunately, no. The best workaround we found is for our developers to use Apple Configurator to view the log files they need. It works... but not ideal.


shrisivakumaran

Any updates on this? Developers want to access SDK logs, which are not being captured in Apple Configurator.

