topic Re: User Account creation for file deletion in Firewall and Security Management

User Account creation for file deletion

ArijitNaha — Mon, 15 Sep 2025 07:51:29 GMT

Hi,

I am trying to create an user account who will only have read/write/deletion access to /var/log/opt/ this directory and it's associated files, directories via SSH/WINSCP. This is for manage space alerts in firewalls. However, I am unable to give correct permission thus user cannot go beyond past /var/log/opt/ location. Hence reaching out here if anyone can help on this.

Thanks!

Re: User Account creation for file deletion

emmap — Mon, 15 Sep 2025 08:45:52 GMT

Such file system access restrictions are not supported as far as I know.

Re: User Account creation for file deletion

_Val_ — Mon, 15 Sep 2025 08:56:27 GMT

Second that ⬆️

Re: User Account creation for file deletion

ArijitNaha — Mon, 15 Sep 2025 10:51:08 GMT

So, how do i approach this? I wanted to give an user to winscp access to firewall to delete old log files when any space alert issue comes.

Re: User Account creation for file deletion

_Val_ — Mon, 15 Sep 2025 11:10:40 GMT

In other words, you want a non-admin user with the ability to delete files? This will not work. Why not use one of the OS level admin accounts?

Re: User Account creation for file deletion

Bob_Zimmerman — Mon, 15 Sep 2025 21:01:14 GMT

Or a cronjob.

You can also set a management server to delete old logs when lv_log has under X gigabytes of free space.

Strictly, it should be possible to grant a specific user RWX access to everything under a directory using extended filesystem ACLs. New files would be created with the default permissions from the umask, though, so the user wouldn't be able to remove most logs, so a cronjob or similar would still be needed to apply the ACL. May as well have the cronjob handle the cleanup directly.

Re: User Account creation for file deletion

ArijitNaha — Wed, 17 Sep 2025 05:02:30 GMT

is there any article or document that I can refer to set this up?

Re: User Account creation for file deletion

PhoneBoy — Wed, 17 Sep 2025 11:29:47 GMT

Extended ACLs are a standard Linux thing (getfacl / setfacl).
However, we do not include these binaries in Gaia OS.

Re: User Account creation for file deletion

Bob_Zimmerman — Wed, 17 Sep 2025 14:02:01 GMT

I could have sworn I was just working with these on a Gaia system, but sure enough, they're not present. Scratch that idea!

That leaves the log cleanup options configured in SmartConsole (cleans up firewall traffic logs, but not stuff like /var/log/messages), or a cronjob.

Re: User Account creation for file deletion

ArijitNaha — Thu, 18 Sep 2025 04:27:07 GMT

How to setup in Smart console to cleanup logs at /var/log/opt/CPsuite-<RX.x>/fw1/log? Which usually has that traffic logs. Any article or document you have? Or how to setup cronjob for this as you mentioned earlier?

Re: User Account creation for file deletion

Bob_Zimmerman — Thu, 18 Sep 2025 15:01:19 GMT

Use SmartConsole to connect to your management. Open the object for the server you want to adjust. Go to Logs > Storage. Set the "When disk space is below _____, start deleting old files." option. When you're done configuring it, Menu button > Install database... and install it on at least the one you modified.