Hi,
Currently, when user runs journalctl without extra privileges, output
will be:
No journal files were found.
This patch modifies this sentence to give some hints to the user:
No journal files were found. Users in the 'systemd-journal' group
may access more messages.
It should help new comers to understand that some extra privileges can
be useful to retrieve logs.
/Gautier
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 56435ff..7f4c160 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -1581,12 +1581,13 @@ static int access_check(sd_journal *j) {
Iterator it;
void *code;
int r = 0;
-
+ bool is_privileged = (geteuid() == 0) ||
(in_group("systemd-journal") > 0);
assert(j);
if (set_isempty(j->errors)) {
if (ordered_hashmap_isempty(j->files))
- log_notice("No journal files were found.");
+ log_notice("No journal files were found.%s",
+ is_privileged?"":" Users in the
'systemd-journal' group may access more messages.");
return 0;
}
@@ -1594,9 +1595,7 @@ static int access_check(sd_journal *j) {
#ifdef HAVE_ACL
/* If /var/log/journal doesn't even exist,
* unprivileged users have no access at all */
- if (access("/var/log/journal", F_OK) < 0 &&
- geteuid() != 0 &&
- in_group("systemd-journal") <= 0) {
+ if (access("/var/log/journal", F_OK) < 0 && !
is_privileged) {
log_error("Unprivileged users cannot access
messages, unless persistent log storage is\n"
"enabled. Users in the
'systemd-journal' group may always access messages.");
return -EACCES;
@@ -1610,7 +1609,7 @@ static int access_check(sd_journal *j) {
return r;
}
#else
- if (geteuid() != 0 && in_group("systemd-journal") <= 0)
{
+ if (!is_privileged) {
log_error("Unprivileged users cannot access
messages. Users in the 'systemd-journal' group\n"
"group may access messages.");
return -EACCES;
From 0f973d231d057866d8626e680b80bded24103af0 Mon Sep 17 00:00:00 2001
From: Gautier Pelloux-Prayer <[email protected]>
Date: Sun, 11 Jan 2015 12:00:18 +0100
Subject: [PATCH] Improve log notice when unprivileged users run journalctl
executable
---
src/journal/journalctl.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 56435ff..7f4c160 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -1581,12 +1581,13 @@ static int access_check(sd_journal *j) {
Iterator it;
void *code;
int r = 0;
-
+ bool is_privileged = (geteuid() == 0) || (in_group("systemd-journal") > 0);
assert(j);
if (set_isempty(j->errors)) {
if (ordered_hashmap_isempty(j->files))
- log_notice("No journal files were found.");
+ log_notice("No journal files were found.%s",
+ is_privileged?"":" Users in the 'systemd-journal' group may access more messages.");
return 0;
}
@@ -1594,9 +1595,7 @@ static int access_check(sd_journal *j) {
#ifdef HAVE_ACL
/* If /var/log/journal doesn't even exist,
* unprivileged users have no access at all */
- if (access("/var/log/journal", F_OK) < 0 &&
- geteuid() != 0 &&
- in_group("systemd-journal") <= 0) {
+ if (access("/var/log/journal", F_OK) < 0 && !is_privileged) {
log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
"enabled. Users in the 'systemd-journal' group may always access messages.");
return -EACCES;
@@ -1610,7 +1609,7 @@ static int access_check(sd_journal *j) {
return r;
}
#else
- if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
+ if (!is_privileged) {
log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
"group may access messages.");
return -EACCES;
--
2.1.4
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
