dmesg: read kernel buffer failed: Permission denied

Since recently Debian has changed the default behavior for dmesg and I cannot use it simply from my local user.

% dmesg
dmesg: read kernel buffer failed: Operation not permitted

Same goes for:

% cat /dev/kmsg                      
cat: /dev/kmsg: Operation not permitted

Starring at the bug tracker this lead to:

How do I change this behavior back to the previous one, where local user are allowed to use dmesg. I could not find a particular group for it (eg. sudoers or something like that).

Answer

So it was actually trivial, looking at the very last message from the bug report:

Part of the changelog from the aforementioned kernel: * security,printk: Enable SECURITY_DMESG_RESTRICT, preventing non-root users reading the kernel log by default (sysctl: kernel.dmesg_restrict)

So the solution is simply to run once:

% sudo sysctl kernel.dmesg_restrict=0
kernel.dmesg_restrict = 0

Then your local user can start using dmesg again. This apply to any user, instead of a group which I initially assumed.

Everything is back to what I wanted:

% dmesg|wc
   1307   11745   93652

and

% cat /dev/kmsg|head|wc
     10      82     857

And to make it persists across reboots, simply save it as conf file:

$ cat /etc/sysctl.d/10-local.conf 
kernel.dmesg_restrict = 0

Leave a Reply

Your email address will not be published. Required fields are marked *