X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=man%2Fsystemd-journald.service.xml;h=bc32c8e38bd29c942de2967a84846c133597ca7c;hb=7ba9719595ee13612c9aea786233ffdd4d77ee46;hp=65f6e52602f46d8bcb348c05083b43c3e8a61575;hpb=4940835715197bcc5924fc5e4d163a07b0940e02;p=elogind.git
diff --git a/man/systemd-journald.service.xml b/man/systemd-journald.service.xml
index 65f6e5260..bc32c8e38 100644
--- a/man/systemd-journald.service.xml
+++ b/man/systemd-journald.service.xml
@@ -44,12 +44,14 @@
systemd-journald.service
+ systemd-journald.socket
systemd-journald
- systemd Journal Service
+ Journal service
systemd-journald.service
+ systemd-journald.socket
/usr/lib/systemd/systemd-journald
@@ -132,10 +134,10 @@
Kernel Command Line
A few configuration parameters from
- journald.conf may be overriden on
+ journald.conf may be overridden on
the kernel command line:
-
+
systemd.journald.forward_to_syslog=
systemd.journald.forward_to_kmsg=
@@ -156,6 +158,38 @@
+
+ Access Control
+
+ Journal files are by default owned and readable
+ by the systemd-journal system group
+ (but not writable). Adding a user to this group thus
+ enables her/him to read the journal files.
+
+ By default, each logged in user will get her/his
+ own set of journal files in
+ /var/log/journal/. These files
+ will not be owned by the user however, in order to
+ avoid that the user can write to them
+ directly. Instead, file system ACLs are used to ensure
+ the user gets read access only.
+
+ Additional users and groups may be granted
+ access to journal files via file system access control
+ lists (ACL). Distributions and administrators may
+ choose to grant read access to all members of the
+ wheel and adm
+ system groups with a command such as the
+ following:
+
+ # setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/
+
+ Note that this command will update the ACLs both
+ for existing journal files and for future journal
+ files created in the
+ /var/log/journal/
+ directory.
+
See Also
@@ -163,7 +197,9 @@
systemd1,
journalctl1,
journald.conf5,
- systemd.journal-fields7
+ systemd.journal-fields7,
+ sd-journal3,
+ setfacl1