{"id":2304,"date":"2019-03-03T22:43:09","date_gmt":"2019-03-03T13:43:09","guid":{"rendered":"http:\/\/matoken.org\/blog\/?p=2304"},"modified":"2019-03-03T22:53:19","modified_gmt":"2019-03-03T13:53:19","slug":"enable-dmesg-command-only-for-certain-groups","status":"publish","type":"post","link":"https:\/\/matoken.org\/blog\/2019\/03\/03\/enable-dmesg-command-only-for-certain-groups\/","title":{"rendered":"\u7279\u5b9a\u30b0\u30eb\u30fc\u30d7\u3067\u306e\u307f dmesg command \u3092\u6709\u52b9\u306b\u3059\u308b"},"content":{"rendered":"<p>Debian \u306e linux 4.8.0 \u4ee5\u964d\u3067\u4e00\u822c\u30e6\u30fc\u30b6\u306b\u3088\u308b dmesg \u304c\u7121\u52b9\u5316\u3055\u308c\u305f\u306e\u3067\uff0ckernel\u30d1\u30e9\u30e1\u30fc\u30bf\u306e kernel.dmesg_restrict \u3092\u4fee\u6b63\u3057\u3066 dmesg command \u3092\u4e00\u822c\u30e6\u30fc\u30b6\u3067\u3082\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u307e\u3057\u305f\u304c\u3053\u308c\u3060\u3068\u5168\u30e6\u30fc\u30b6\u3067\u5b9f\u884c\u3067\u304d\u3066\u3057\u307e\u3044\u307e\u3059\uff0esudo \u3092\u8a2d\u5b9a\u3057\u3066\u30ed\u30b0\u306e\u8aad\u3081\u308b <code>adm<\/code> \u30e6\u30fc\u30b6\u3060\u3051\u304c dmesg command \u3092\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u3066\u307f\u307e\u3057\u305f\uff0e<\/p>\n<ul>\n<li><a href=\"https:\/\/matoken.org\/blog\/2019\/03\/03\/run-dmesg-as-a-general-user-with-debian-buster-sid\/\">Debian buster\/sid \u3067dmesg\u3092\u4e00\u822c\u30e6\u30fc\u30b6\u3067\u5b9f\u884c \u2013 matoken&#8217;s meme<\/a><\/li>\n<\/ul>\n<p>dmesg\u3092\u5b9f\u884c\u3057\u305f\u3044\u30e6\u30fc\u30b6\u3092<code>adm<\/code> group \u306b\u767b\u9332\u3059\u308b(login\u3057\u76f4\u3057\u3066\u53cd\u6620\u3057\u3066\u304a\u304f)<\/p>\n<pre><code>$ sudo addgroup matoken adm\r\n$ exit\r\n<\/code><\/pre>\n<p><code>visudo<\/code> command \u3067 <code>\/etc\/sudoers<\/code> \u3092\u7de8\u96c6\u3057\u3066 <code>adm<\/code> group \u306f NOPASSWD \u3067 <code>dmesg<\/code> command \u3092\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b(\u5ff5\u306e\u70ba\u7de8\u96c6\u524d\u306b\u3082\u30461\u679a\u7aef\u672b\u3092\u958b\u3044\u3066 <code>sudo -s<\/code> \u3057\u3066\u304a\u3044\u305f\u308a\uff0cat\u7b49\u30675\u5206\u5f8c\u306b <code>\/etc\/sudoers<\/code> \u3092\u5dfb\u304d\u623b\u3059\u3088\u3046\u306b\u3057\u3066\u304a\u304f\u3068\u30df\u30b9\u3063\u3066\u3082\u5b89\u5fc3)<\/p>\n<pre><code>$ sudo visudo\r\n$ sudo git diff \/etc\/sudoers\r\ndiff --git a\/sudoers b\/sudoers\r\nindex d4cc632..ac3bd77 100644\r\n--- a\/sudoers\r\n+++ b\/sudoers\r\n@@ -21,6 +21,7 @@ root  ALL=(ALL:ALL) ALL\r\n\r\n # Allow members of group sudo to execute any command\r\n %sudo  ALL=(ALL:ALL) ALL\r\n+%adm   ALL=NOPASSWD: \/usr\/bin\/dmesg\r\n\r\n # See sudoers(5) for more information on &quot;#include&quot; directives:\r\n\r\n<\/code><\/pre>\n<p>adm group \u306e\u30e6\u30fc\u30b6\u3067dmesg \u30b3\u30de\u30f3\u30c9\u304c\u8ffd\u52a0\u3055\u308c\u3066\u3044\u308b\u306e\u3092\u78ba\u8a8d<\/p>\n<pre><code>$ sudo -l | grep dmesg\r\n    (root) NOPASSWD: \/usr\/bin\/dmesg\r\n<\/code><\/pre>\n<p><code>adm<\/code> group \u306e\u30e6\u30fc\u30b6\u304c\u8a8d\u8a3c\u7121\u3057\u3067 <code>sudo dmesg<\/code> \u304c\u5b9f\u884c\u3067\u304d\u308b\u306e\u3092\u78ba\u8a8d<\/p>\n<pre><code>$ id | grep -o adm\r\nadm\r\n$ sudo dmesg -H | tail -1\r\n[  +0.015080] smsc95xx 1-1.1:1.0 eth0: link up, 100Mbps, full-duplex, lpa 0xCDE1\r\n<\/code><\/pre>\n<p>\u3053\u306e\u3068\u304d <code>kernel.dmesg_restrict = 1<\/code> \u3067 sudo \u3092\u901a\u3055\u306a\u3044\u3068 dmesg \u306f\u5b9f\u884c\u3067\u304d\u306a\u3044<\/p>\n<pre><code>$ cat \/proc\/sys\/kernel\/dmesg_restrict\r\n1\r\n$ dmesg \r\ndmesg: read kernel buffer failed: Operation not permitted\r\n$ LC_MESSAGES=ja_JP.UTF-8 dmesg \r\ndmesg: read kernel buffer failed: \u8a31\u53ef\u3055\u308c\u3066\u3044\u306a\u3044\u64cd\u4f5c\u3067\u3059\r\n<\/code><\/pre>\n<p><code>~\/.profile<\/code> \u306balias \u3092\u8a2d\u5b9a<\/p>\n<pre><code>$ echo 'alias dmesg=&quot;sudo dmesg&quot;' | tee -a ~\/.profile                                                                                                                                   \r\nalias dmesg=&quot;sudo dmesg&quot;\r\n$ source ~\/.profile\r\n$ dmesg -H | tail -1\r\n[  +0.015080] smsc95xx 1-1.1:1.0 eth0: link up, 100Mbps, full-duplex, lpa 0xCDE1\r\n<\/code><\/pre>\n<p>\u74b0\u5883<\/p>\n<pre><code>$ dpkg-query -W sudo util-linux linux-image-*\r\nlinux-image-4.19.0-2-arm64      4.19.16-1\r\nlinux-image-4.19.0-2-arm64-unsigned\r\nlinux-image-arm64       4.19+102\r\nsudo    1.8.27-1\r\nutil-linux      2.33.1-0.1\r\n$ lsb_release -dr\r\nDescription:    Debian GNU\/Linux buster\/sid\r\nRelease:        testing\r\n$ uname -a\r\nLinux rpi3 4.19.0-2-arm64 #1 SMP Debian 4.19.16-1 (2019-01-17) aarch64 GNU\/Linux\r\n$ cat \/proc\/device-tree\/model ;echo\r\nRaspberry Pi 3 Model B Rev 1.2\r\n<\/code><\/pre>\n<p><iframe style=\"width:120px;height:240px;\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" frameborder=\"0\" src=\"\/\/rcm-fe.amazon-adsystem.com\/e\/cm?lt1=_blank&#038;bc1=000000&#038;IS2=1&#038;bg1=FFFFFF&#038;fc1=000000&#038;lc1=0000FF&#038;t=matokensmeme-22&#038;language=ja_JP&#038;o=9&#038;p=8&#038;l=as4&#038;m=amazon&#038;f=ifr&#038;ref=as_ss_li_til&#038;asins=B07NFDXRQL&#038;linkId=d11391ef455da0de9c6901b4213ac92a\"><\/iframe><iframe style=\"width:120px;height:240px;\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" frameborder=\"0\" src=\"\/\/rcm-fe.amazon-adsystem.com\/e\/cm?lt1=_blank&#038;bc1=000000&#038;IS2=1&#038;bg1=FFFFFF&#038;fc1=000000&#038;lc1=0000FF&#038;t=matokensmeme-22&#038;language=ja_JP&#038;o=9&#038;p=8&#038;l=as4&#038;m=amazon&#038;f=ifr&#038;ref=as_ss_li_til&#038;asins=B07F1NLW9C&#038;linkId=05531d263cdd95eee722836c0495474b\"><\/iframe><iframe style=\"width:120px;height:240px;\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" frameborder=\"0\" src=\"\/\/rcm-fe.amazon-adsystem.com\/e\/cm?lt1=_blank&#038;bc1=000000&#038;IS2=1&#038;bg1=FFFFFF&#038;fc1=000000&#038;lc1=0000FF&#038;t=matokensmeme-22&#038;language=ja_JP&#038;o=9&#038;p=8&#038;l=as4&#038;m=amazon&#038;f=ifr&#038;ref=as_ss_li_til&#038;asins=B07NWDSRXK&#038;linkId=f6e4a71fa34da7185f66bd3454ca7606\"><\/iframe><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Debian \u306e linux 4.8.0 \u4ee5\u964d\u3067\u4e00\u822c\u30e6\u30fc\u30b6\u306b\u3088\u308b dmesg \u304c\u7121\u52b9\u5316\u3055\u308c\u305f\u306e\u3067\uff0ckernel\u30d1\u30e9\u30e1\u30fc\u30bf\u306e kernel.dmesg_restrict \u3092\u4fee\u6b63\u3057\u3066 dmesg command \u3092\u4e00\u822c\u30e6\u30fc\u30b6 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"webmentions_disabled_pings":false,"webmentions_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[428,7,6],"tags":[276,450,124,44],"class_list":["post-2304","post","type-post","status-publish","format-standard","hentry","category-buster","category-debian-linux","category-linux","tag-debian-linux","tag-debian-buster","tag-raspberry-pi-3-b","tag-raspberrypi"],"_links":{"self":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/2304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/comments?post=2304"}],"version-history":[{"count":0,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/2304\/revisions"}],"wp:attachment":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/media?parent=2304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/categories?post=2304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/tags?post=2304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}