<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - [systemd-journald][208] User in systemd-journal group can't access journal if it's in volatile storage only"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=70866">70866</a>
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>systemd-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[systemd-journald][208] User in systemd-journal group can't access journal if it's in volatile storage only
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>systemd-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>minor
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux (All)
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>reztho@archlinux.us
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>general
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>systemd
          </td>
        </tr></table>
      <p>
        <div>
        <pre>In the man page of journalctl, we can see this:
"All users are granted access to their private per-user journals. However, by
default, only root and users who are members of the "systemd-journal" group get
access to the system journal and the journals of other users."

But this only applies as long as the journal uses the persistent storage. Users
can't access the journal when only using the volatile storage: the journal file
in /run/log/journal/%m/system.journal is owned by root.root.

Steps to reproduce:
1. gpasswd -a user systemd-journald
2. Edit the file /etc/systemd/journald.conf and change the storage line to:
Storage=volatile
3. Reboot, log in as user and run journalctl:
No journal files were found

Workaround, thanks to alxchk from the official systemd IRC channel:
1. Add these lines to
/etc/systemd/system/systemd-journald.service.d/fixperms.conf
[Service]
ExecStartPre=/usr/bin/systemd-tmpfiles --create --prefix=/run/log

2. Add this line to /etc/tmpfiles.d/journald_fixperms.conf:
d /run/log/journal 2755 root systemd-journal - -</pre>
        </div>
      </p>
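<p>A check for the condition this report describes, added here as an example (not part of the original report or of systemd): it walks a journal directory such as /run/log/journal and lists every directory or *.journal file that a given group cannot read. The function name journal_group_audit is hypothetical, and the code assumes GNU stat and getent are available.</p>

```shell
# journal_group_audit DIR GROUP   (hypothetical helper, added example)
#   DIR:   journal directory, e.g. /run/log/journal for volatile storage
#   GROUP: group name or numeric gid expected to have read access
# Prints one line per directory or *.journal file the group cannot read.
# Returns 0 if everything is group-readable, 1 if not, 2 on bad arguments.
journal_group_audit() {
    dir=$1
    want=$2
    # Resolve a group name to its gid; a purely numeric argument is used as-is.
    case $want in
        ''|*[!0-9]*) want_gid=$(getent group "$want" | cut -d: -f3) ;;
        *)           want_gid=$want ;;
    esac
    [ -n "$want_gid" ] || { echo "unknown group: $want" >&2; return 2; }
    [ -d "$dir" ]      || { echo "not a directory: $dir" >&2; return 2; }

    findings=$(
        find "$dir" \( -type d -o -type f -name '*.journal' \) |
        while IFS= read -r path; do
            gid=$(stat -c %g "$path")
            mode=$(stat -c %a "$path")
            # Group permission digit of the octal mode (setgid digit ignored).
            gbits=$(( (0$mode / 8) % 8 ))
            # Directories need r-x (5) to be listed and entered, files need r (4).
            if [ -d "$path" ]; then need=5; else need=4; fi
            if [ "$gid" != "$want_gid" ] || [ $(( gbits & need )) -ne "$need" ]; then
                echo "$path: gid=$gid mode=$mode (want gid=$want_gid, group bits $need)"
            fi
        done
    )
    if [ -n "$findings" ]; then
        echo "$findings"
        return 1
    fi
    return 0
}

# Example call on a live system:
#   journal_group_audit /run/log/journal systemd-journal
```
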
    </body>
</html>