Merge "Log file access to users of sys_* group"

sudo-config/debian/deb_folder/control

@@ -10,4 +10,5 @@ Package: sudo-config
 Architecture: all
 Depends: ${misc:Depends}, sudo
 Description: StarlingX sudo configuration file
+ Installs sysadmin and logs file on sudoers.d directory.
  Installs sysadmin and sys_admin file on sudoers.d directory.

sudo-config/debian/deb_folder/postinst

@@ -3,9 +3,11 @@
 set -e
 
 cp /usr/share/starlingx/sysadmin.sudo /etc/sudoers.d/sysadmin
+cp /usr/share/starlingx/logs.sudo /etc/sudoers.d/logs
 cp /usr/share/starlingx/sys_admin.sudo /etc/sudoers.d/sys_admin
 
 chmod 440 /etc/sudoers.d/sysadmin
+chmod 440 /etc/sudoers.d/logs
 chmod 440 /etc/sudoers.d/sys_admin
 
 #DEBHELPER#

sudo-config/debian/deb_folder/sudo-config.install

@@ -1,2 +1,3 @@
 sysadmin.sudo usr/share/starlingx
+logs.sudo     usr/share/starlingx
 sys_admin.sudo usr/share/starlingx

sudo-config/source-debian/logs.sudo

@@ -0,0 +1,17 @@
+# User alias specification
+User_Alias      ALL_SYS_GROUPS = %sys_admin, %sys_configurator, %sys_operator, %sys_reader
+
+# Cmnd alias specification
+Cmnd_Alias      CAT_LOGS = /usr/bin/ls /var/log/*, /usr/bin/cat /var/log/*.log
+Cmnd_Alias      GUNZIP_LOGS = /usr/bin/gunzip /var/log/*.gz, /usr/bin/cat /var/log/*.log.[0-9]*
+Cmnd_Alias      VIM_LOGS = /usr/bin/vim /var/log/*.log, /usr/bin/vim /var/log/*.log.[0-9]*
+Cmnd_Alias      LESS_LOGS = /usr/bin/less /var/log/*.log, /usr/bin/less /var/log/*.log.[0-9]*
+
+# Allow members of all sys_* groups to execute selected commands
+ALL_SYS_GROUPS          ALL=(root:root) NOPASSWD: CAT_LOGS, VIM_LOGS, LESS_LOGS
+# Allow members of all sys_admin groups to execute selected commands
+%sys_admin              ALL=(root:root) NOPASSWD: GUNZIP_LOGS
+# Allow members of all sys_configurator groups to execute selected commands
+%sys_configurator       ALL=(root:root) NOPASSWD: GUNZIP_LOGS
+# Allow members of all sys_operator groups to execute selected commands
+%sys_operator           ALL=(root:root) NOPASSWD: GUNZIP_LOGS