Can't read or follow /var/log/pihole/pihole.log as regular user after update

older-pack · July 8, 2022, 12:44pm

Please follow the below template, it will help us to help you!

If you are Experiencing issues with a Pi-hole install that has non-standard elements (e.g you are using `nginx` instead of `lighttpd`, or there is some other aspect of your install that is customised) - please use the Community Help category.

Expected Behaviour:

To be able to run $ tail -F /var/log/pihole/pihole.log as a regular user.

Actual Behaviour:

I get this error

$ tail -F /var/log/pihole/pihole.log
	tail: cannot open '/var/log/pihole/pihole.log' for reading: Permission denied

Details

Hi
After the recent update I can't read /var/log/pihole/pihole.log as a regular user.
I get this error

$ tail -F /var/log/pihole/pihole.log
	tail: cannot open '/var/log/pihole/pihole.log' for reading: Permission denied

Before the update I was able to add this:
tail -F /var/log/pihole.log

to my regular user account's ~/.profile and it would automatically follow /var/log/pihole.log when I'd log in to my pihole system via ssh.

The update changed the path to /var/log/pihole/pihole.log but even with that it still doesn't work.

How can I follow /var/log/pihole/pihole.log as a regular user? Thank you.

Journalctl also fails

$ journalctl -f --file /var/log/pihole/pihole.log
Failed to open files: Permission denied

The files permissions are

$ ls -l /var/log/pihole/pihole.log
-rw-r----- 1 pihole pihole 127319 Jul  8 12:16 /var/log/pihole/pihole.log

Other files' permissions


$ ls -l /var/log/pihole/
total 432
-rw-r--r-- 1 pihole pihole   8810 Jul  8 12:00 FTL.log
-rw-r--r-- 1 pihole pihole   1497 Jul  8 00:00 FTL.log.1
-rw-r--r-- 1 pihole pihole    417 Jul  7 00:00 FTL.log.2.gz
-rw-r--r-- 1 pihole pihole    302 Jul  6 00:00 FTL.log.3.gz
-rw-r----- 1 pihole pihole 127319 Jul  8 12:16 pihole.log
-rw-r--r-- 1 pihole pihole 121281 Jul  8 00:00 pihole.log.1
-rw-r--r-- 1 pihole pihole  18079 Jul  7 00:00 pihole.log.2.gz
-rw-r--r-- 1 pihole pihole  34382 Jul  6 00:00 pihole.log.3.gz
-rw-r--r-- 1 pihole pihole  29855 Jul  5 00:00 pihole.log.4.gz
-rw-r--r-- 1 pihole pihole  58114 Jul  4 00:00 pihole.log.5.gz
-rw-r--r-- 1 root   root     4178 Jul  8 00:00 pihole_updateGravity.log

System details

Pihole details
Current Pi-hole version is v5.11.3
Current AdminLTE version is v5.13
Current FTL version is v5.16.1

I'm running Armbian 22.05.3 Buster with Linux 5.15.48-sunxi

$ cat /etc/armbian.txt
--------------------------------------------------------------------------------
Title:			Armbian 22.05.3 Orangepipcplus current
Kernel:			Linux 
Build date:		22.06.2022
Builder rev:		13f5fba13c1
Maintainer:		Igor Pecovnik <igor.pecovnik@****l.com>
Authors:		https://www.armbian.com/authors
Sources: 		https://github.com/armbian/
Support: 		https://forum.armbian.com/
Changelog: 		https://www.armbian.com/logbook/
Documantation:		https://docs.armbian.com/
--------------------------------------------------------------------------------

jfb · July 8, 2022, 1:09pm

In the latest release, we changed the permissions on that file, removing the read permission. This prevents users other than Pi-hole from having access to the data contained in the file (for privacy reasons).

The command to use to tail this file is pihole -t. This not only live tails the file, but it color codes the output so you can more easily identify blocked domains.

If you want to search the pihole log, use sudo. Example:

pi@Pi-3B-DEV:~ $ sudo grep apple /var/log/pihole/pihole.log | grep query | tail -n5
Jul  8 08:03:01 dnsmasq[2668]: query[HTTPS] itunes.apple.com.edgekey.net from 192.168.0.135
Jul  8 08:03:01 dnsmasq[2668]: query[A] itunes.apple.com.edgekey.net from 192.168.0.135
Jul  8 08:03:01 dnsmasq[2668]: query[HTTPS] p16-buy.itunes.apple.com from 192.168.0.135
Jul  8 08:03:01 dnsmasq[2668]: query[A] p16-buy.itunes.apple.com from 192.168.0.135
Jul  8 08:03:01 dnsmasq[2668]: query[HTTPS] p16-buy-lb.itunes-apple.com.akadns.net from 192.168.0.135

older-pack · July 8, 2022, 1:27pm

So, for security reasons no more regular user access to pihole.log. Got it.

Thanks for the quick reply and thanks to you and to all who contribute to pi-hole. Its amazing.

jpgpi250 · July 8, 2022, 9:50pm

take a look at this, may interest you...

older-pack · July 13, 2022, 4:18pm

Hi. Thanks for your tip.
I'm on Linux desktop so I'm not sure that it would work for me.
Even if it did I think I'd still have to login as root or use sudo to get tail to work with the new log permissions.

I was hoping there would be a password-free way (and without root a/c or sudo) to view pi-hole log.
But thanks again.

jfb · July 13, 2022, 4:20pm

The information in the dnsmasq log is pretty much the same as what is shown in the Pi-hole web admin query log. Time, domain, requesting client, answer, etc.

older-pack · July 13, 2022, 4:28pm

I'm not familiar with the dnsmasq log. I can't find it in /var/log (I presume its named dnsmasq.log ?) You don't happen to know where it is? Thanks.

jfb · July 13, 2022, 4:29pm

The dnsmasq log is the Pi-hole log at /var/log/pihole/pihole.log. Apologies - I should have made the connection in my reply.

older-pack · July 13, 2022, 4:31pm

No problem. Its just like something I'd do myself Thanks anyway.

system · August 3, 2022, 4:31pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.