asked on
Mac OS /var/log/system.log permissions / Time Machine backup tracking
We're using Time Machine to back up our Macbooks to a network drive. On each Macbook, I have a cron job that queries the /var/log/system.log file for "Backup completed" and dumps the output to a text file on a network drive. Every night I have a script that gathers all of these text files and generates an email so that we know who is "up to date" on Time Machine backups.
This all worked well until some Mac OS update changed the permissions on the /var/log folder and log files inside of it - specifically system.log.
Our users are not local admin's and I'm relying on them to have read access on the system.log file in order for the query to work.
I can give them R or RW permission on the /var/log folder and apply to all contents of the folder and it works fine until the system rotates the logs and creates a new file. At that point the new system.log file has the following permissions:
system RW
admin R
everyone No Access
Is there a way to modify the log rotation process so that it doesn't screw up the permissions on system.log? I've tried investigating the jobs in /etc/periodic/daily and the com.apple.newsyslog.plist file but I'm drawing blanks.
Does anyone have experience with this?
The most simple way to frame the question is: Is there a way to give standard OS X users access to the system.log file, either via direct access or the "Console" app?
Alternatively, does anyone have other suggestions on "tracking" Time Machine backups? We've tried using GeekTool with the "syslog -F ...." method but it's not been reliable and is also broken with OS X 10.7.
This all worked well until some Mac OS update changed the permissions on the /var/log folder and log files inside of it - specifically system.log.
Our users are not local admin's and I'm relying on them to have read access on the system.log file in order for the query to work.
I can give them R or RW permission on the /var/log folder and apply to all contents of the folder and it works fine until the system rotates the logs and creates a new file. At that point the new system.log file has the following permissions:
system RW
admin R
everyone No Access
Is there a way to modify the log rotation process so that it doesn't screw up the permissions on system.log? I've tried investigating the jobs in /etc/periodic/daily and the com.apple.newsyslog.plist file but I'm drawing blanks.
Does anyone have experience with this?
The most simple way to frame the question is: Is there a way to give standard OS X users access to the system.log file, either via direct access or the "Console" app?
Alternatively, does anyone have other suggestions on "tracking" Time Machine backups? We've tried using GeekTool with the "syslog -F ...." method but it's not been reliable and is also broken with OS X 10.7.
Apple OSMac OS X
Last Comment
weycotech
I would try to create ACL for /var/logs folder and inherit permissions to newly created files.
You can alter settings of /etc/sudoers file to allow ordinary users check contents of requested file.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
-Problem not solved. Switched backup solutions so it's no longer an issue.