I have a log server that collects logs from all the cisco devices on our network. The company policy states that any logs should only be accessible by root. So I have the following permissions set on the directory, as well as everything inside the directory where the cisco logs are kept.
drwx------ 65 root root 4096 Apr 29 7:38 rsyslog
The cisco folks are requesting access to these logs, which is allowed by company policy. Now here is where it gets complicated. I need to give the cisco folks access to the logs without, 1 giving them access to root, 2 changing the permissions on the files.
So I was thinking, is there anyway I can give them access through sudo? I know you can limit sudo to certain commands, is there a way I can use sudo to give them read access to the above directory?