When I execute journalctl -f -a under Fedora 20 for different users I get different results. For root I get something similar to tail -f /var/log/syslog on older systems. As a normal user I get gnome-shell warnings, some su messages, stuff Firefox writes to stdout etc. – basically a user session log.
I understand that journalctl has the concept of different journals (journalctl(1)):
Output is interleaved from all accessible journal files, whether they are rotated or currently being written, and regardless of whether they belong to the system itself or are accessible user journals.
But how to get a list of which journals are available for a given user?
And how to give a normal user also access to the root journal?
The journalctl man page states:
All users are granted access to their private per-user journals. However, by default, only root and users who are members of the "systemd-journal" group get access to the system journal and the journals of other users.
But this sounds like too much – the user should not have access to the journals of other normal users (just to the root journal).
Best Answer
The systemd-journald man page explains how journal access control is done:
Fedora 20 uses ACLs to give users in the adm and wheel groups read access to all the journals.
Run setfacl -n -m u:username:r /var/log/journal/*/system.journal.
You can su to the user and run journalctl --header|grep '^File Path' to see the names of the journals he or she has access to. getfacl can be used to see which groups and users have access to journal files. I don't know of a simple way to list the files that are readable by a specific user.
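The following is an added example, not part of the original answer: a small filter that reads getfacl output for one journal file and prints the entries that effectively have read access. It applies the mask:: entry, which matters here because setfacl -n does not recalculate the mask. The function names, the user alice and the sample ACL are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `getfacl` output for ONE file on stdin and prints the
# ACL entries that can effectively read it. An empty name after the colon
# means the file owner (user:) or owning group (group:), as in getfacl.
journal_readers() {
    awk -F: '
        BEGIN { n = 0; have_mask = 0 }
        /^#/ || /^default:/ || NF < 3 { next }   # header comments, blanks
        {
            perms = $3
            sub(/[ \t].*$/, "", perms)           # drop "#effective:" note
            kind[n] = $1; name[n] = $2; perm[n] = perms; n++
            if ($1 == "mask") { mask = perms; have_mask = 1 }
        }
        END {
            for (i = 0; i < n; i++) {
                if (kind[i] == "mask") continue
                r = (substr(perm[i], 1, 1) == "r")
                # The mask limits named users, named groups and the owning
                # group; it does not limit the owner (user::) or other::.
                masked = 1
                if (kind[i] == "other") masked = 0
                if (kind[i] == "user" && name[i] == "") masked = 0
                if (masked && have_mask && substr(mask, 1, 1) != "r") r = 0
                if (r) print kind[i] ":" name[i]
            }
        }'
}

# Constructed getfacl output for a system journal; $1 is the mask to embed.
sample_acl() {
    printf '%s\n' '# file: var/log/journal/MACHINE_ID/system.journal' \
        '# owner: root' '# group: systemd-journal' \
        'user::rw-' 'user:alice:r--' 'group::r-x' 'group:adm:r-x' \
        'group:wheel:r-x' "mask::$1" 'other::---'
}

# Real use (one file at a time):
#   getfacl /var/log/journal/*/system.journal | journal_readers
echo "mask r-x:"; sample_acl 'r-x' | journal_readers
echo "mask ---:"; sample_acl '---' | journal_readers
```

With a mask of --- the user:alice:r-- entry is still present in the ACL but grants nothing, so only the file owner is listed.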