diff --git a/man/journald.conf.xml b/man/journald.conf.xml index 3964cd6bc5..fef4fde898 100644 --- a/man/journald.conf.xml +++ b/man/journald.conf.xml @@ -129,21 +129,22 @@ SplitMode= - Controls whether to split up journal files per - user. One of uid, login - and none. If uid, all - users will get each their own journal files regardless of - whether they possess a login session or not, however system - users will log into the system journal. If - login, actually logged-in users will get - each their own journal files, but users without login session - and system users will log into the system journal. If - none, journal files are not split up by - user and all messages are instead stored in the single system - journal. Note that splitting up journal files by user is only - available for journals stored persistently. If journals are - stored on volatile storage (see above), only a single journal - file for all user IDs is kept. Defaults to + Controls whether to split up journal files per user. Split-up journal files are primarily + useful for access control: on UNIX/Linux access control is managed per file, and the journal daemon will assign + users read access to their journal files. This setting takes one of uid, + login or none. If uid, all regular users will get each + their own journal files regardless of whether their processes possess login sessions or not, however system + users will log into the system journal. If login, actually logged-in users will get each + their own journal files, but users without login session and system users will log into the system + journal. Note that in this mode, user code running outside of any login session will log into the system log + instead of the split-out user logs. Most importantly, this means that information about core dumps of user + processes collected via the + systemd-coredump8 subsystem + will end up in the system logs instead of the user logs, and thus not be accessible to the owning users. If + none, journal files are not split up by user and all messages are instead stored in the + single system journal. In this mode unprivileged users generally do not have access to their own log data. Note + that splitting up journal files by user is only available for journals stored persistently. If journals are + stored on volatile storage (see above), only a single journal file for all user IDs is kept. Defaults to uid.