Since recently Debian has changed the default behavior for dmesg and I cannot use it simply from my local user.
% dmesg dmesg: read kernel buffer failed: Operation not permitted
Same goes for:
% cat /dev/kmsg cat: /dev/kmsg: Operation not permitted
Starring at the bug tracker this lead to:
How do I change this behavior back to the previous one, where local user are allowed to use dmesg. I could not find a particular group for it (eg. sudoers or something like that).
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
So it was actually trivial, looking at the very last message from the bug report:
Part of the changelog from the aforementioned kernel:
- security,printk: Enable SECURITY_DMESG_RESTRICT, preventing non-root users reading the kernel log by default (sysctl:
kernel.dmesg_restrict)
So the solution is simply to run once:
% sudo sysctl kernel.dmesg_restrict=0 kernel.dmesg_restrict = 0
Then your local user can start using dmesg again. This apply to any user, instead of a group which I initially assumed.
Everything is back to what I wanted:
% dmesg|wc 1307 11745 93652
and
% cat /dev/kmsg|head|wc
10 82 857
And to make it persists across reboots, simply save it as conf file:
$ cat /etc/sysctl.d/10-local.conf kernel.dmesg_restrict = 0
If you are on Ubuntu, for release 20.10 onwards there is already a line to persist this setting in /etc/sysctl.d/10-kernel-hardening.conf. After changing the file, to make the changes effective the user either needs to reboot or run sudo service procps restart .
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0