17

The journald documentation says that adding a user to 'systemd-journal' group or 'adm' group allows the user to access system-wide journal.

I'm running the latest CentOS 7 and I seem to have problem accessing the journal as a non-root user.

Here's my config:

$ id
uid=1000(centos) gid=1000(centos) groups=1000(centos),4(adm),10(wheel),190(systemd-journal) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

$ cat /etc/systemd/journald.conf
[Journal]
Storage=persistent

$ journalctl
-- Logs begin at Sat 2015-08-29 16:35:52 UTC, end at Sat 2015-08-29 17:28:47 UTC. --
Aug 29 16:35:52 hostname ... <log continues>

There are no system logs in journalctl output. Here's my permissions config:

$ ll -a /var/log/journal/f9afeb75a5a382dce8269887a67fbf58/
total 24592
drwxr-xr-x. 2 root root     4096 Aug 29 16:35 .
drwxr-xr-x. 3 root root     4096 Aug 29 17:28 ..
-rw-r-----. 1 root root 16777216 Aug 29 17:27 system.journal
-rw-r-----+ 1 root root  8388608 Aug 29 17:33 user-1000.journal

If I change the ownership group of system.journal to systemd-journal everything works fine. However this does not seem right, since the documentation does not say anything about it.

Is there anything I'm missing or is it actually required to manually change the group of the system.journal file?

Thank you

mike
  • 221
  • 1
  • 4
  • 12
  • 2
    Possible duplicate of [systemd: how do I view journals with journalctl without switching to root on CentOS 7?](http://serverfault.com/questions/681632/systemd-how-do-i-view-journals-with-journalctl-without-switching-to-root-on-cen) – Léo Lam Feb 16 '16 at 00:50

2 Answers2

7

The solution is to change group ownership and add a sticky bit to the parent folder before the .journal files are created.

chown :systemd-journal /var/log/journal/f9afeb75a5a382dce8269887a67fbf58
chmod g+s /var/log/journal/f9afeb75a5a382dce8269887a67fbf58
mike
  • 221
  • 1
  • 4
  • 12
  • This gets `journalctl` to work for me, but it does not see all the message that root can see... – Gert van den Berg Feb 19 '19 at 07:35
  • @GertvandenBerg try checking if the existing files are readable by `systemd-journal`. The commands posted here made sure only new files are readable, not existing ones. – mike Feb 19 '19 at 13:44
  • On the Ubuntu setup, the permissiosn was correct... The output of journalctl as root inlcudes all services, while it seems like a normal user in the systemd-journal group can only se boot-related messages.... (But that might have been related to not logging in again for logging into the new group - it looks fine now...) – Gert van den Berg Feb 19 '19 at 14:39
5

Well, I am not running Centos 7, but found this issue. I did these steps, but did not help, at least on Ubuntu 18.04 I got a message that

Hint: You are currently not seeing messages from other users and the system.
      Users in groups 'adm', 'systemd-journal' can see all messages.
      Pass -q to turn off this notice.

So I did sudo usermod -a -G systemd-journal my_user then exit (from ssh) and log back in for the groups change to take effect and after that I can see the journal messages with my normal user.

Attila123
  • 161
  • 1
  • 4
  • Hey, thanks for sharing the tip. I am using Ubuntu 20.04 and this doesn't work for me. Anyone else has this problem and solved it? – Cheolsoon Im Apr 22 '21 at 01:41
  • Works on `debian 10`. Could you explain what the flags mean. – Timo May 25 '21 at 18:32
  • 1
    @Timo Regarding the flags: this is a command you run into when searching for adding a user to a group (on GNU/Linux). So it adds `my_user` to the `systemd-journal` group – Attila123 Jul 12 '22 at 21:00