On 26.09.2013 18:13, Guido Günther wrote:
> See my other reply. Upstream actually does both: allow for adm _and_
> systemd-journal via ACLs to have a minimal read only user you can assign
> to e.g. daemons that should be allowed to read system journal but
> nothing else. It's somewhat similar to what we did with the libvirt-qemu
> user and the kvm user.

Minor correction here: The primary group (let's use systemd-journal for
now) is used by systemd-journald to chgrp the files, like

    -rw-r----- 1 root systemd-journal 27230208 Sep 26 18:57 system.journal

I.e., it also works on file systems which don't have ACL support enabled.

Read-access for group adm is done by running

    setfacl -nm g:adm:rx,d:g:adm:rx $(DESTDIR)/var/log/journal/

on make install.

Fwiw, we don't enable persistent logging atm, and read-access via
systemd-journal group or via ACL is only applicable for persistent logs.

Michael

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?