[systemd-devel] [RFC PATCH] journalctl: downgrade access check error to a warning

[Zbigniew Jędrzejewski-Szmek]

There are many ways in which we can get those checks wrong,
so it is better to warn and then error out on a real access
failure.
---
What about downgrading the warnings to avoid bug reports when
the check is wrong?

 src/journal/journalctl.c | 31 +++++++++++++------------------
 1 file changed, 13 insertions(+), 18 deletions(-)

diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 3682329..6118fb0 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -878,24 +878,21 @@ static int verify(sd_journal *j) {
         return r;
 }
 
-static int access_check(void) {
-
+static void access_warning(void) {
 #ifdef HAVE_ACL
-        if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("systemd-journal") <= 0) {
-                log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'systemd-journal' can always see messages.");
-                return -EACCES;
-        }
-
-        if (!arg_quiet && geteuid() != 0 && in_group("systemd-journal") <= 0)
-                log_warning("Showing user generated messages only. Users in the group 'systemd-journal' can see all messages. Pass -q to turn this notice off.");
+        if (access("/var/log/journal", F_OK) < 0 &&
+            geteuid() != 0 &&
+            in_group("systemd-journal") <= 0)
+                log_warning("Unprivileged users can't see messages unless persistent log storage is enabled. "
+                            "Users in the group 'systemd-journal' can always see messages.");
+        else if (!arg_quiet && geteuid() != 0 &&
+                 in_group("systemd-journal") <= 0)
+                log_warning("Showing user generated messages only. Users in the group 'systemd-journal' can "
+                            "see all messages. Pass -q to turn this notice off.");
 #else
-        if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
-                log_error("No access to messages. Only users in the group 'systemd-journal' can see messages.");
-                return -EACCES;
-        }
+        if (geteuid() != 0 && in_group("systemd-journal") <= 0)
+                log_warning("No access to messages. Only users in the group 'systemd-journal' can see messages.");
 #endif
-
-        return 0;
 }
 
 int main(int argc, char *argv[]) {
@@ -938,9 +935,7 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
-        r = access_check();
-        if (r < 0)
-                goto finish;
+        access_warning();
 
         if (arg_directory)
                 r = sd_journal_open_directory(&j, arg_directory, 0);
-- 
1.8.1.4