X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fjournal%2Fjournalctl.c;fp=src%2Fjournal%2Fjournalctl.c;h=2b0e00ee8f4f4ab400f7286c52941bc8f210a5b7;hp=56435ff7b4467455879ab41f7c08356fdc58d8b3;hb=05c1853093d8c4e4aa16876b5129b65dac5abd01;hpb=93b06fd0f02d01a60538da717114160ab256b675 diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index 56435ff7b..2b0e00ee8 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -1539,10 +1539,17 @@ static int access_check_var_log_journal(sd_journal *j) { have_access = in_group("systemd-journal") > 0; if (!have_access) { + const char* dir; + + if (access("/run/log/journal", F_OK) >= 0) + dir = "/run/log/journal"; + else + dir = "/var/log/journal"; + /* Let's enumerate all groups from the default ACL of * the directory, which generally should allow access * to most journal files too */ - r = search_acl_groups(&g, "/var/log/journal/", &have_access); + r = search_acl_groups(&g, dir, &have_access); if (r < 0) return r; } @@ -1568,7 +1575,7 @@ static int access_check_var_log_journal(sd_journal *j) { return log_oom(); log_notice("Hint: You are currently not seeing messages from other users and the system.\n" - " Users in the groups '%s' can see all messages.\n" + " Users in groups '%s' can see all messages.\n" " Pass -q to turn off this notice.", s); } } 
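Review bot: The added `if (access("/run/log/journal", F_OK) >= 0)` block prefers the volatile directory whenever it exists, so on a host where both directories are present the groups named in the hint come from the default ACL of /run/log/journal, even if the files that produced EACCES live under /var/log/journal. Nothing visible here guarantees the two ACLs match, so the hint could name groups that do not in fact grant access to the persistent journal; consider consulting both directories, or at least state the precedence in a comment such as `/* Prefer the volatile directory if present; its default ACL is assumed to mirror /var/log/journal */`. The `else` branch also selects "/var/log/journal" without an existence test, so a failure of `search_acl_groups()` on a missing directory would reach `return r`; whether that is intended cannot be judged from here, since that helper is outside the hunk. The name access_check_var_log_journal no longer describes what is inspected, and the function begins and ends outside this hunk.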
@@ -1592,18 +1599,8 @@ static int access_check(sd_journal *j) { if (set_contains(j->errors, INT_TO_PTR(-EACCES))) { #ifdef HAVE_ACL - /* If /var/log/journal doesn't even exist, - * unprivileged users have no access at all */ - if (access("/var/log/journal", F_OK) < 0 && - geteuid() != 0 && - in_group("systemd-journal") <= 0) { - log_error("Unprivileged users cannot access messages, unless persistent log storage is\n" - "enabled. Users in the 'systemd-journal' group may always access messages."); - return -EACCES; - } - - /* If /var/log/journal exists, try to pring a nice - notice if the user lacks access to it */ + /* If /run/log/journal or /var/log/journal exist, try + to pring a nice notice if the user lacks access to it. */ if (!arg_quiet && geteuid() != 0) { r = access_check_var_log_journal(j); if (r < 0)
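Review bot: The rewritten comment opens with "If /run/log/journal or /var/log/journal exist", but nothing at this call site tests for either directory any more; the only existence test in the diff is in access_check_var_log_journal, and it covers /run/log/journal alone. I would reword it to match the code and fix the carried-over typo "pring", for example `/* Try to print a helpful notice if the user lacks access; the helper picks /run/log/journal or /var/log/journal. */`. With the early `return -EACCES` removed, an unprivileged user outside 'systemd-journal' is no longer stopped in this branch, and with `-q` the branch is skipped entirely. It would help to say in the comment that this path is advisory only and that the EACCES outcome is presumably handled by the code following the hunk, which is not visible here. The body of access_check starts before and continues after this hunk.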