X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=man%2Fsystemd-journald.service.xml;h=2f877f565c5580999de9641789d4deaad53d6e24;hp=90f9290276ccb451c7aa62a7502e71268f006169;hb=3fde5f30bda2a70d97f3dc8fa918e42e1c07cc2c;hpb=34511ca7b166b0e89d08ff9870b0cf2624a7815f diff --git a/man/systemd-journald.service.xml b/man/systemd-journald.service.xml index 90f929027..2f877f565 100644 --- a/man/systemd-journald.service.xml +++ b/man/systemd-journald.service.xml @@ -73,24 +73,24 @@ Log data collected by the journal is primarily - text based but can also include binary data where + text-based but can also include binary data where necessary. All objects stored in the journal can be up to 2^64-1 bytes in size. - By default the journal stores log data in + By default, the journal stores log data in /run/log/journal/. Since - /run/ is volatile log data is - lost at reboot. To make the data persistent it + /run/ is volatile, log data is + lost at reboot. To make the data persistent, it is sufficient to create /var/log/journal/ where systemd-journald will then store the data. systemd-journald will - forward all received log messages to the AF_UNIX - SOCK_DGRAM socket - /run/systemd/journal/syslog (if it exists) which - may be used by UNIX syslog daemons to process the data + forward all received log messages to the AF_UNIX + SOCK_DGRAM socket + /run/systemd/journal/syslog, if it exists, which + may be used by Unix syslog daemons to process the data further. See @@ -111,13 +111,13 @@ is flushed to /var/ in order to make it persistent (if this is - enabled). This may be used after + enabled). This must be used after /var/ is mounted, - but is generally not required since - the first journal write when - /var/ becomes - writable triggers the flushing - anyway. + as otherwise log data from + /run is never + flushed to /var + regardless of the + configuration. @@ -134,10 +134,10 @@ Kernel Command Line A few configuration parameters from - journald.conf may be overriden on + journald.conf may be overridden on the kernel command line: - + systemd.journald.forward_to_syslog= systemd.journald.forward_to_kmsg= @@ -158,6 +158,84 @@ + + Access Control + + Journal files are, by default, owned and readable + by the systemd-journal system group + but are not writable. Adding a user to this group thus + enables her/him to read the journal files. + + By default, each logged in user will get her/his + own set of journal files in + /var/log/journal/. These files + will not be owned by the user, however, in order to + avoid that the user can write to them + directly. Instead, file system ACLs are used to ensure + the user gets read access only. + + Additional users and groups may be granted + access to journal files via file system access control + lists (ACL). Distributions and administrators may + choose to grant read access to all members of the + wheel and adm + system groups with a command such as the + following: + + # setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ + + Note that this command will update the ACLs both + for existing journal files and for future journal + files created in the + /var/log/journal/ + directory. + + + + Files + + + + /etc/systemd/journald.conf + + Configure + systemd-journald + behaviour. See + journald.conf5. + + + + + /run/log/journal/machine-id/*.journal + /run/log/journal/machine-id/*.journal~ + /var/log/journal/machine-id/*.journal + /var/log/journal/machine-id/*.journal~ + + systemd-journald + writes entries to files in + /run/log/journal/machine-id/ + or + /var/log/journal/machine-id/ + with the .journal + suffix. If the daemon is stopped + uncleanly, or if the files are found + to be corrupted, they are renamed + using the .journal~ + suffix, and + systemd-journald + starts writing to a new + file. /run is + used when + /var/log/journal + is not available, or when + is + set in the + journald.conf5 + configuration file. + + + + See Also @@ -166,7 +244,9 @@ journalctl1, journald.conf5, systemd.journal-fields7, - sd-journal3 + sd-journal3, + setfacl1, + pydoc systemd.journal.