I wish to include a count of failed login attempts whenever a user logs in.
I've created:
/usr/local/bin/dynmotd which contains

    #!/bin/bash
    FAILLOG=`faillog -u`
    echo -e " $FAILLOG "

and added /usr/local/bin/dynmotd to /etc/profile
The issue is I get /var/log/faillog: Permission denied
whenever I log in as a regular user. Is there a way to either safely temporarily escalate privileges to run that command on the motd, or temporarily give that user access to faillog to get that response? I don't want to give all users access to faillog permanently.
UPDATE
Tried this:

    #!/bin/bash
    CURRENTUSER=`whoami`
    sudo -u bob setfacl -m u:$CURRENTUSER:rx /var/log/faillog
    FAILLOG=`sudo -u bob faillog -u $CURRENTUSER`
    echo -e " $FAILLOG "

And added 'bob' to the sudoers with NOPASSWD:, this works fine when I'm logging in as 'bob' but if I try to log in as 'bob2' I get asked for the sudoers password.
permission denied

I think you can setfacl -m u:username:r /var/log/faillog to grant read access to the particular user.

setfacl -m u:'whoami':rx /var/log/faillog gives me a setfacl: /var/log/faillog: Operation not permitted

setfacl should be run as root user. 'whoami' is not as whoami and you should not use it there. Instead use a real username you want to grant read privileges to that file.

kiksy. You don't need to modify the script. It will be able to read the file.
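
One least-privilege way to show the count without opening /var/log/faillog to anyone, added here as an example (it is not code from the question or the comments): a root-owned wrapper that any user may run through sudo, without arguments, and that reports only the caller's own record. The path /usr/local/sbin/faillog-self, the sudoers line and the function names are assumptions.

```bash
#!/bin/bash
# Hypothetical wrapper /usr/local/sbin/faillog-self: owner root, mode 0755.
# Assumed sudoers entry, created with: visudo -f /etc/sudoers.d/faillog-self
#   ALL ALL=(root) NOPASSWD: /usr/local/sbin/faillog-self ""
# The trailing "" permits the command only without arguments, so a caller
# cannot ask for another account. dynmotd then runs:
#   sudo -n /usr/local/sbin/faillog-self

# Map the UID that invoked sudo to a login name. The value comes from
# SUDO_UID, which sudo sets itself, not from argv or $USER.
caller_name() {
    local uid=$1 name
    case $uid in
        ''|*[!0-9]*) return 1 ;;    # reject empty or non-numeric input
    esac
    name=$(getent passwd "$uid" | cut -d: -f1)
    [ -n "$name" ] || return 1      # no passwd entry for that UID
    printf '%s\n' "$name"
}

main() {
    local name
    # Fixed PATH so command lookup does not depend on the caller.
    PATH=/usr/sbin:/usr/bin:/sbin:/bin
    export PATH
    if ! name=$(caller_name "${SUDO_UID:-}"); then
        echo "faillog-self: cannot identify caller" >&2
        return 1
    fi
    faillog -u "$name"
}

# Do the privileged work only when really started as root through sudo.
if [ "$(id -u)" -eq 0 ] && [ -n "${SUDO_UID:-}" ]; then
    main
fi
```

Because the sudoers rule names one fixed command for ALL users, 'bob2' is not prompted for a password, and no ACL on /var/log/faillog has to change.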