/var/log/Xorg.0.log permissions after reboot

Latest response

I'm attempting to set persistent 0600 permissions on /var/log/Xorg.0.log, it seems that something is resetting them to 644 after each reboot.

I have tried putting the following line in /etc/rc.local

~~
chmod 0600 /var/log/Xorg.0.log
~~

The seemingly automated permissions change happens a few minutes after login thus negating the rc.local script.

Any help would be very much appreciated.

I'm running RHEL Server 6.9

Responses

Yes, it is obvious that Xorg is controlling and making changes here. You need to add it to user profile of root, add "chmod 0600 /var/log/Xorg.0.log" to /root/.bashrc file. This should help you to achieve your desired state. But any thread which invokes/refreshes Xorg after this may change it again. You may track this changes by adding an audit rule policy so that you could see which process is changing the permissions.

When the X server starts up, it renames existing /var/log/Xorg.0.log to /var/log/Xorg.0.log.old and creates a new Xorg.0.log. It probably uses whatever default umask is in effect at that point (most likely the default 022), thus causing the 644 permissions.

You might try adding "umask 077" to the start-up script of the display manager you're using (by default probably gdm). Hopefully the umask would be inherited by the display manager and the X server, causing the log file to be created with stricter permissions.

Or you might change gdm.conf to start a tiny script instead of the X server. The script would be:

#!/bin/sh
umask 077
exec /usr/bin/X11/X "$@"

i.e. "first set up a tighter umask, then start the X server using whatever command line parameters was given to the script."

Or you could adjust the permissions of the /var/log directory to prevent regular users from accessing it: that would prevent regular users from accessing /var/log/Xorg.0.log even if its permissions are 644.

Or you could set up a sub-directory (e.g. /var/log/Xserver-log) with more restricted permissions, and add a "-logfile /var/log/Xserver-log/Xorg.0.log" option to the X server command line in the [servers] section of the gdm.conf file.

Disclaimer: I'm more of a KDE guy, and I don't have a RHEL 6.9 system with the GUI desktop installed available to me at the moment, so I could not verify the details before answering. I think the gdm.conf file might be located at /etc/gdm/gdm.conf, but I might be wrong.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.