Linux: Restrict Unprivileged Users From Using dmesg

Objective: Prevent unprivileged users from using dmesg to view messages from the kernel’s log buffer.

The kernel ring buffer is a data structure that records messages related to the operation of the Linux kernel. A ring buffer is constant in size, and the oldest messages are overwritten when new messages come in.

The contents of the kernel ring buffer can be printed using the dmesg command.

To read the dmesg contents in a human-readable format, use the following command.

The kernel parameter kernel.dmesg_restrict can be used to restrict non-root (unprivileged) users from using dmesg. When kernel.dmesg_restrict is set to 1, only root and users who have the CAP_SYSLOG capability can use dmesg.

To restrict the use of dmesg, run the following sysctl command.

You can also change the kernel parameter by writing to the dmesg_restrict file in the proc filesystem.

The current value of the kernel parameter can be checked by running the following command.

Once the dmesg restriction is in place, unprivileged users will get the following error when running dmesg.

To allow a certain group of users to use dmesg, for example to only allow users from the wheel group to use dmesg, Linux capabilities could be used.

Run the following commands to create a dmesg.wheel binary that will have the CAP_SYSLOG capability.

Now, users in the wheel group can run the dmesg.wheel command to print dmesg contents.
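The steps above collected into one script, as an added example that is not part of the original article: it reports the running value, checks that the setting will survive a reboot (a step beyond what the article covers), and installs the group-limited copy. The sysctl.d file name, the overridable PROC_FILE/CONF_FILE variables and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit and apply the dmesg restriction described above.
# PROC_FILE and CONF_FILE can be overridden to test against constructed files;
# the sysctl.d file name is an assumption, not taken from the article.
PROC_FILE="${PROC_FILE:-/proc/sys/kernel/dmesg_restrict}"
CONF_FILE="${CONF_FILE:-/etc/sysctl.d/50-dmesg-restrict.conf}"

# Print "restricted", "unrestricted" or "unknown" for the running kernel.
runtime_state() {
    [ -r "$PROC_FILE" ] || { echo unknown; return 0; }
    case "$(cat "$PROC_FILE")" in
        1) echo restricted ;;
        0) echo unrestricted ;;
        *) echo unknown ;;
    esac
}

# Succeed only if the last kernel.dmesg_restrict line in CONF_FILE sets 1,
# i.e. the restriction is re-applied at boot.
persistent_ok() {
    [ -r "$CONF_FILE" ] || return 1
    val=$(sed -n 's/^[[:space:]]*kernel\.dmesg_restrict[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$CONF_FILE" | tail -n 1)
    [ "$val" = "1" ]
}

# Apply the restriction now and persist it (root required).
apply_restriction() {
    sysctl -w kernel.dmesg_restrict=1 &&
    printf 'kernel.dmesg_restrict = 1\n' > "$CONF_FILE"
}

# Create the group-limited copy (root required). Mode 0750 keeps other users
# from executing it; setcap runs last because chown clears file capabilities.
install_group_dmesg() {
    group="${1:-wheel}"
    src=$(command -v dmesg) || return 1
    dst="$(dirname "$src")/dmesg.$group"
    cp "$src" "$dst" &&
    chown "root:$group" "$dst" &&
    chmod 0750 "$dst" &&
    setcap cap_syslog+ep "$dst"
}

# Report the current state when the script is run.
echo "runtime: $(runtime_state)"
if persistent_ok; then echo "persistent: yes"; else echo "persistent: no"; fi
```

Run as an ordinary user, the script only reports; call apply_restriction and install_group_dmesg from a root shell after sourcing it.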

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }
