How do I restrict a non sudo or root user from running the dmesg command?



  • Refer to the important notes in the README first.

    Also see:
    sysctl(8) - configure kernel parameters at runtime
    dmesg(1) - print or control the kernel ring buffer

    Check the current value of the dmesg restrict kernel parameter. 0 means any user can run dmesg.

    $ sudo sysctl kernel.dmesg_restrict
    kernel.dmesg_restrict = 0
    

    Run dmesg.

    $ dmesg | tail -2
    [   10.479557] random: 7 urandom warning(s) missed due to ratelimiting
    [   11.410490] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
    

    Change value of the dmesg restrict kernel parameter to 1.

    $ sudo sysctl -w kernel.dmesg_restrict=1
    kernel.dmesg_restrict = 1
    

    Running dmesg again is now restricted to the root user or equivalent.

    $ dmesg | tail -2
    dmesg: read kernel buffer failed: Operation not permitted
    

    Running dmesg via sudo.

    $ sudo dmesg | tail -2
    [   10.479557] random: 7 urandom warning(s) missed due to ratelimiting
    [   11.410490] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
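
The `sysctl -w` change above applies to the running kernel only and is lost at reboot unless the setting is also written to a sysctl configuration file. The following is an added example, not part of the original post: a shell check that compares the running value with what the configuration files would set. The function names are hypothetical, and it assumes the kernel's built-in default is 0, as on the system shown above.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print the value the given sysctl config files would leave in
# kernel.dmesg_restrict, or nothing if none of them sets it.
# Files are read in the order given; the last assignment wins.
persisted_dmesg_restrict() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        cat "$f"; echo                        # echo guards a missing final newline
    done | awk '
        /^[ \t]*[#;]/ { next }                # comment lines
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)        # optional "-" prefix = ignore errors
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/\//, ".", key)              # kernel/dmesg_restrict form
            if (key == "kernel.dmesg_restrict") last = val
        }
        END { if (last != "") print last }'
}

# Compare the running value with the persisted one.
#   $1   = file holding the runtime value (/proc/sys/kernel/dmesg_restrict)
#   rest = sysctl config files, in the order the host applies them
# Assumption: with no config entry the kernel boots with the value 0.
# Prints one of: persistent | runtime-only | boot-only | unrestricted
dmesg_restrict_status() {
    runtime=$(cat "$1" 2>/dev/null) || runtime=""
    shift
    saved=$(persisted_dmesg_restrict "$@")
    case "${runtime:-0}:${saved:-0}" in
        0:0) echo unrestricted ;;
        0:*) echo boot-only ;;      # config sets it, running kernel does not yet
        *:0) echo runtime-only ;;   # set with sysctl -w only; lost at reboot
        *)   echo persistent ;;
    esac
}

# Example call on a real host (file order is the caller's assumption):
# dmesg_restrict_status /proc/sys/kernel/dmesg_restrict /etc/sysctl.d/*.conf /etc/sysctl.conf
```

A result of `runtime-only` means the restriction shown above will disappear at the next reboot until `kernel.dmesg_restrict = 1` is added to a sysctl configuration file.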
    

© Lightnetics 2020