I have a directory owned by root (/var/log/apache2). I would like a user to have read-only access to this folder, without changing the group owner of this folder. Is it possible to do that without adding the user to the sudoers file?
It depends on how your system is set up.
If you're lucky, the adm group already has read access to those files. If so, then simply add your user to the adm group:
sudo usermod -aG adm SOMEUSER
The adm group is commonly used to provide read access to system log files, without having to give the user super powers. Your user will also be able to read anything else the adm group has access to.
If those files have no group access at all (i.e. they show -rw------- and are owned by root/root), then the next best option is to use setfacl to give your user read access to those files:
sudo setfacl --modify u:SOMEUSER:rx /var/log/apache2 # let them in to the dir
sudo setfacl --modify u:SOMEUSER:r /var/log/apache2/* # let them read the files
Be aware that once logrotate shuffles those files, your user may not have access to the new log file. You might have to set up your setfacl commands in a cron job to keep access going.
It is also possible to expand permissions on that folder, but persisting that change involves modifying the /etc/logrotate.d/apache2 file. Since your package manager likely created /etc/logrotate.d/apache2 (and will probably want to modify it at some point) I don't recommend going that route.
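The cron job suggested in the answer above, sketched as an added example that is not part of the original answer. The script path and schedule in the comment are assumptions, and SOMEUSER is the placeholder used in the answer.

```shell
#!/bin/sh
# Added example (not from the original answer): re-apply the read ACLs so that
# files created by logrotate become readable again. Meant to be run by root
# from cron, e.g. a hypothetical /etc/cron.d entry:
#   */15 * * * * root /usr/local/sbin/grant-log-read SOMEUSER /var/log/apache2
# Set DRY_RUN=1 to print the setfacl commands instead of executing them.

grant_log_read() {
    user=$1
    dir=$2
    prefix=
    if [ "${DRY_RUN:-0}" = 1 ]; then prefix=echo; fi

    # The name is pasted into an ACL spec ("u:NAME:r"); reject anything that
    # could extend the spec, such as ':' or ','.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "invalid user name: $user" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # r-x on the directory: enter it and list its contents.
    $prefix setfacl --modify "u:$user:rx" "$dir" || return 1

    # r-- on regular files directly inside it. -type f skips symlinks, so a
    # link placed in the directory never gets its target's ACL changed;
    # -maxdepth 1 keeps this, like the original glob, from recursing.
    find "$dir" -maxdepth 1 -type f \
        -exec $prefix setfacl --modify "u:$user:r" {} \;
}

# Run only when called with both arguments: grant-log-read USER DIR
if [ "$#" -eq 2 ]; then
    grant_log_read "$1" "$2"
fi
```

Running it once with DRY_RUN=1 shows exactly which files would receive an ACL entry before the cron entry is installed.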