In one word, sudo. See sudoers(5) for overview and syntax.
Use command visudo to edit your sudoers file, create a host_alias, a user_alias called LOGVIEWERS or similar. Add groups (%users) or the login usernames of just the users you want to grant access to.
Add a Cmnd_Alias ACCESSLOGVIEW or similar. Something like /bin/rview /var/log/apache/access.
Now tie the user, host and command using
and you're all set.
The user(s) thus added will be able to view the log when they
sudo rview /var/log/apache/access
when they will be prompted for *their* password. ( You can add a 'NOPASSWD:' before ACCESSLOGVIEW to circumvent this.) It wont ask them for a password again for another sudo command for the next 5 minutes IIRC.
PS: /bin/view is a 'read-only' version of the visual editor. rview is a restricted view, as in the user cannot spawn a shell or run a command using the colon key.
Last edited by nxny; 07-07-2003 at 01:29 PM.