Open johanvdw opened 4 months ago
Thank you for your suggestion :-) - would you be able to sent a pull request for this?
The role already adds promtail to the adm
group, which has these read rights by default. If someone is hiding a log file from adm
(due to sensitive information?) perhaps that should be respected.
At least in our setup, I noticed quite a lot of files which were not group-owned by adm, and not all had easy switches to change it. Perhaps a nice intermediate solution would be a list of paths (or files) for which you want this, defaulting to an empty list.
This is a proposal. Using the code below it is possible to give the promtail user read access to /var/log regardless of the mode/owner. Is this something desirable for this role? Should it be configurable which paths get this access?