68

Debian recently changed the default behavior for dmesg, and I can no longer simply use it as my local user.

```
% dmesg
dmesg: read kernel buffer failed: Operation not permitted
```

Same goes for:

```
% cat /dev/kmsg
cat: /dev/kmsg: Operation not permitted
```

Staring at the bug tracker, this led to:

How do I change this behavior back to the previous one, where local users are allowed to use dmesg? I could not find a particular group for it (e.g. sudoers or something like that).

malat

1 Answer

87

So it was actually trivial, looking at the very last message from the bug report:

Part of the changelog from the aforementioned kernel:

  • security,printk: Enable SECURITY_DMESG_RESTRICT, preventing non-root users reading the kernel log by default (sysctl: kernel.dmesg_restrict)

So the solution is simply to run once:

```
% sudo sysctl kernel.dmesg_restrict=0
kernel.dmesg_restrict = 0
```

Then your local user can start using dmesg again. This applies to any user, instead of a group, which I initially assumed.

Everything is back to what I wanted:

```
% dmesg|wc
   1307   11745   93652
```

and

```
% cat /dev/kmsg|head|wc
     10      82     857
```

And to make it persist across reboots, simply save it as a conf file:

```
$ echo kernel.dmesg_restrict = 0 | sudo tee -a /etc/sysctl.d/10-local.conf >/dev/null
$ cat /etc/sysctl.d/10-local.conf
kernel.dmesg_restrict = 0
```

If you are on Ubuntu, for release 20.10 onwards there is already a line to persist this setting in `/etc/sysctl.d/10-kernel-hardening.conf`. After changing the file, to make the changes effective the user either needs to reboot or run `sudo service procps restart`.

SebMa
malat
  • Are you able to execute this command: `cat /dev/kmesg` as a regular user? – direprobs Sep 04 '17 at 09:47
  • It should be `/dev/kmsg` in the first comment that was a typo. – direprobs Sep 04 '17 at 09:58
  • 2
    Easier to make it permanent by adding `kernel.dmesg_restrict = 0` to `/etc/sysctl.conf` – Knobee Jul 25 '19 at 20:10
  • 10
    In Ubuntu 20.10, there is already a line for this in `/etc/sysctl.d/10-kernel-hardening.conf`. After changing the file, the user should run `sudo service procps restart` to allow dmesg viewing again. – scruss Jan 25 '21 at 14:47
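The answer and comments above name three places the setting can live (`/etc/sysctl.d/10-local.conf`, `/etc/sysctl.d/10-kernel-hardening.conf`, `/etc/sysctl.conf`). The following is an added example, not part of the original answer or comments, that reports which file decides the value at boot and what the kernel enforces right now. It assumes a simplified precedence (only `/etc/sysctl.d/*.conf` in lexical order, then `/etc/sysctl.conf`, last assignment wins); the function names and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example: find the file that decides kernel.dmesg_restrict at boot.
# Assumed (simplified) precedence: /etc/sysctl.d/*.conf in lexical order,
# then /etc/sysctl.conf; the last assignment read wins.

# effective_dmesg_restrict [ROOT]
# Prints "<value> <file>" for the winning assignment, or "unset -".
effective_dmesg_restrict() {
    root=${1:-}
    value=unset
    source_file=-
    for f in "$root"/etc/sysctl.d/*.conf "$root/etc/sysctl.conf"; do
        [ -f "$f" ] || continue
        # Last uncommented assignment in this file; tolerates spaces around
        # '=' and the optional leading '-' (ignore-errors) prefix.
        v=$(sed -n 's/^[[:space:]]*-\{0,1\}kernel\.dmesg_restrict[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then
            value=$v
            source_file=${f#"$root"}
        fi
    done
    printf '%s %s\n' "$value" "$source_file"
}

# Value the kernel enforces right now. It differs from the configured one
# until the files are re-applied (reboot or procps restart, as noted above).
running_dmesg_restrict() {
    cat /proc/sys/kernel/dmesg_restrict 2>/dev/null || echo unknown
}

# Constructed sample tree using the file names mentioned on this page.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/sysctl.d"
    printf 'kernel.dmesg_restrict = 1\n' > "$tmp/etc/sysctl.d/10-kernel-hardening.conf"
    printf '#kernel.dmesg_restrict = 1\nkernel.dmesg_restrict = 0\n' > "$tmp/etc/sysctl.d/10-local.conf"
    effective_dmesg_restrict "$tmp"
    rm -rf "$tmp"
}

demo
echo "running: $(running_dmesg_restrict)"
```

Calling `effective_dmesg_restrict` with no argument inspects the real `/etc`; in the sample tree `10-local.conf` wins because it sorts after `10-kernel-hardening.conf`.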