[systemd-devel] How to allow a user to use journalctl to see user-specific systemd service logs?

Lennart Poettering lennart at poettering.net
Wed Oct 5 11:49:02 UTC 2016

On Mon, 03.10.16 14:59, Daniel Ng (danielng56 at gmail.com) wrote:

> I am running user-level services in Ubuntu 16.04 LTS.  For example, I have
> my test.service located at ~/.config/systemd/user/test.service
> I was able to run the service by doing
>     systemctl --user start test.target
> However, when I try to read its log using journalctl, I got this error
> message:
>     journalctl --user -u test.service
>     Hint: You are currently not seeing messages from other users and the
> system.
>       Users in the 'systemd-journal' group can see all messages. Pass -q to
>       turn off this notice.
>     No journal files were opened due to insufficient permissions.

On very recent systemd versions "journalctl --user -u SERVICENAME"
should just work as you think. On older versions you have to use
"--user --user-unit=SERVICENAME" instead.

> How can I use journalctl for user's specific unit?

Also, note that you ned perms to the journal for this to work. If you
are root or part of the "systemd-journal" system group, then you are
able to see all logs, regardless which subsystem or which user
generated them. If you are neither root, nor in that group you will
only get to see logs generated by processes you run under your own
user ID. However, this only works if the persistent logging is enabled
on your system, it does not work if only volatile logging is enabled
(check Storage= in journald.conf regarding this).


Lennart Poettering, Red Hat

More information about the systemd-devel mailing list