dmesg: read kernel buffer failed: Operation not permitted

This has been intentionally changed a while ago, please see [1]. Thanks!

[1] https://lists.ubuntu.com/archives/ubuntu-devel/2020-June/041063.html

And yet /var/log/dmesg is wide open. How entertaining!

That isn't the case, apparently.

The file is only readable by user/group, but not others, in Impish, at least.

Upgrade:

$ lsb_release -cs
impish

$ ls -l /var/log/dmesg
-rw-r----- 1 root adm 95595 Oct 28 11:46 /var/log/dmesg

Install:

$ lsb_release -cs
impish

$ ls -l /var/log/dmesg
-rw-r----- 1 root adm 45200 Dec 1 12:12 /var/log/dmesg

Apparently I am in the adm group. Who knew? Seems like dmesg could check the user for that.

I can confirm dmesg on Ubuntu 21.10 gives me "Operation not permitted", even though my user is in the "adm" group:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 21.10
Release: 21.10
Codename: impish

$ ls -l /var/log/dmesg*
-rw-r----- 1 root adm 100336 Mar 13 17:01 /var/log/dmesg
-rw-r----- 1 root adm 94365 Mar 13 16:40 /var/log/dmesg.0
-rw-r----- 1 root adm 23990 Mar 13 15:00 /var/log/dmesg.1.gz
-rw-r----- 1 root adm 23017 Mar 9 21:50 /var/log/dmesg.2.gz
-rw-r----- 1 root adm 23295 Mar 4 18:51 /var/log/dmesg.3.gz
-rw-r----- 1 root adm 23253 Feb 24 21:34 /var/log/dmesg.4.gz

$ id
uid=1000(marji) gid=1000(marji) groups=1000(marji),4(adm),5(tty),10(uucp),20(dialout),24(cdrom),27(sudo),30(dip),46(plugdev),121(lpadmin),132(lxd),133(sambashare),134(docker)

$ dmesg
dmesg: read kernel buffer failed: Operation not permitted

I can now see that the dmesg command - starting with Ubuntu 21.10 - is NOT meant to work for the users in "adm" group. It is now meant to be run as admin or with sudo. This is a security decision.
Described in here: https://ruffell.nz/programming/writeups/2020/10/24/getting-dmesg-restrict-enabled-in-ubuntu-groovy.html

Interesting that this was supposed to have been incorporated into Ubuntu, and therefore all the *buntu flavors since the end of 2021. Well, up until this evening (28 May 2024) i have been able the simply use dmesg, without sudo, in every Kubuntu distro I've used since then and of course before then. And also of course, Kubuntu IS Ubuntu with just a few different sparkly parts on UI end of things.

Well, if you all believe that limiting dmesg to only use with sudo is somehow more secure, then O.K. I'm just surprised that it took this long to be implemented.

Have a great day!!