[systemd-devel] [PATCH] Improve log notice when unprivileged users run journalctl executable (reformatted)

Gautier Pelloux-Prayer gautier at damsy.net
Sun Mar 8 00:33:24 PST 2015


Hi list,

Currently, when a user runs journalctl without extra privileges, the
output is:

    No journal files were found.

This patch modifies this feedback by giving a permission hint to the user:

    No journal files were found. Users in the 'systemd-journal' group may access more messages.

It should help newcomers to understand that some extra privileges can
be useful to retrieve logs.

/Gautier

diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 56435ff..7f4c160 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -1581,12 +1581,13 @@ static int access_check(sd_journal *j) {
         Iterator it;
         void *code;
         int r = 0;
-
+        bool is_privileged = (geteuid() == 0) ||
(in_group("systemd-journal") > 0);
         assert(j);
 
         if (set_isempty(j->errors)) {
                 if (ordered_hashmap_isempty(j->files))
-                        log_notice("No journal files were found.");
+                        log_notice("No journal files were found.%s",
+                          is_privileged?"":" Users in the
'systemd-journal' group may access more messages.");
                 return 0;
         }
 
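Review bot: is_privileged is now computed at the top of access_check(), so in_group("systemd-journal") runs on every call, including when j->errors is empty and journal files were found; before this change the group lookup only happened on the error paths. Consider evaluating it only where it is needed, and keep the blank line between the declarations and assert(j), which this hunk removes. A negative (error) return from in_group() is also folded into "not privileged", so a failed lookup would print the group hint. The ternary should be spaced as is_privileged ? "" : "...".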
@@ -1594,9 +1595,7 @@ static int access_check(sd_journal *j) {
 #ifdef HAVE_ACL
                 /* If /var/log/journal doesn't even exist,
                  * unprivileged users have no access at all */
-                if (access("/var/log/journal", F_OK) < 0 &&
-                    geteuid() != 0 &&
-                    in_group("systemd-journal") <= 0) {
+                if (access("/var/log/journal", F_OK) < 0 && !
is_privileged) {
                         log_error("Unprivileged users cannot access
messages, unless persistent log storage is\n"
                                   "enabled. Users in the
'systemd-journal' group may always access messages.");
                         return -EACCES;
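Review bot: in the new condition the negation is detached from its operand (the "!" stands apart from is_privileged); write it as !is_privileged, matching the #else branch in the following hunk. Since the flag is already computed, testing it first lets the short-circuit skip the access("/var/log/journal", F_OK) call for privileged users: if (!is_privileged && access("/var/log/journal", F_OK) < 0).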
@@ -1610,7 +1609,7 @@ static int access_check(sd_journal *j) {
                                 return r;
                 }
 #else
-                if (geteuid() != 0 && in_group("systemd-journal") <= 0)
{
+                if (!is_privileged) {
                         log_error("Unprivileged users cannot access
messages. Users in the 'systemd-journal' group\n"
                                   "group may access messages.");
                         return -EACCES;
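Review bot: the log_error() text left untouched in the context lines of this #else branch ends its first string with "Users in the 'systemd-journal' group\n" and starts the second with "group may access messages.", so the word "group" is printed twice. As this patch is about the wording of these notices, drop the duplicate from the second string in the same change.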


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Improve-log-notice-when-unprivileged-users-run-journ.patch
Type: text/x-patch
Size: 2319 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150308/e2e81c42/attachment.bin>

