Layer7 API Management

Expand all | Collapse all

Read-only User

Jump to Best Answer
  • 1.  Read-only User

    Posted 03-15-2019 01:49 AM

    Hi,

     

    This is regards to the API Gateway and Portal Appliances. 

    The default user allowed to login the console is ssgconfig user, and from there to access the root shell.

     

    For audit and troubleshooting only purpose, is it possible to create a read-only user that has the permission to only read (no write allowed) the logs in /opt/SecureSpan/Gateway/node/default/var/logs ?

     

    As for the API Developer Portal appliance, the read-only user should be able to read log files in /opt/Deployments/lrs/server/logs/

     

    Please let know if this is doable, thank you.



  • 2.  Re: Read-only User
    Best Answer

    Posted 03-17-2019 05:53 PM

    Hello,

    For gateway, you don't have to access root shell to view the log, on gateway menu, select,

    9) Display Log Viewing menu

    ie. the ssgconfig user can view the logs on gateway menu

     

    For portal, the log file permission is,

    -rw-r--r-- 1 l7portal portalusers

     

    You can create a new user in portalusers group to read-only the portal logs

     

    Regards,

    Mark



  • 3.  Re: Read-only User

    Posted 03-17-2019 11:02 PM

    Hi Mark,

     

    Thank you for the reply.

     

    As per requirement, a read-only user should be created just for audit and troubleshooting purpose.

    So I have tried to create another user(audituser) to access the menu using /opt/SecureSpan/Platform/bin/configuser_profile_menu.sh

     

    Found out the user does not have permission to read the logs.

    So in the sudoer list, I have added this line:

    audituser ALL = NOPASSWD: /opt/SecureSpan/Appliance/libexec/viewlog

     

    Regards,

    Cho