How do I restrict a non sudo or root user from running the dmesg command?
-
Refer to the readme important notes first. README.
Also see:
sysctl(8) - configure kernel parameters at runtime
dmesg(1) - print or control the kernel ring bufferCheck current value of dmesg restrict kernel parameter. 0 mean any user can run dmesg.
$ sudo sysctl kernel.dmesg_restrict kernel.dmesg_restrict = 0
Run dmesg.
$ dmesg | tail -2 [ 10.479557] random: 7 urandom warning(s) missed due to ratelimiting [ 11.410490] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Change value of the dmesg restrict kernel parameter to 1.
$ sudo sysctl -w kernel.dmesg_restrict=1 kernel.dmesg_restrict = 1
Running dmesg again is not restricted to root user or equivalent.
$ dmesg | tail -2 dmesg: read kernel buffer failed: Operation not permitted
Running dmesg via sudo.
$ sudo dmesg | tail -2 [ 10.479557] random: 7 urandom warning(s) missed due to ratelimiting [ 11.410490] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
© Lightnetics 2024