You can use ACLs. I got direction from this article to set this up in my CentOS test environment.
From the article: Some filesystem types always have ACL available, regardless of mount options; this is the case for tmpfs, xfs and zfs.
To check your filesystem:
If you're running with one of these filesystem types, you can set permissions as required by following this article:
To set acl to a directory recursively:
setfacl -R -m u:splunk:r /var/log
getfacl -R /var/log
To set acl for individual files:
setfacl -m u:splunk:r /var/log/messages
If you are running a filesystem that does not have ACLs available natively, then here is an article to run through in your test environment:
Take care. Brush your hair.
... View more