[man] note which UID ranges will get user journals

Fixes #13926
Anita Zhang 2019-12-18 16:09:49 -08:00
parent d59fc29bb7
commit a1533ad73f
2 changed files with 10 additions and 4 deletions


@ -110,8 +110,11 @@
<listitem><para>Controls whether to split up journal files per user, either <literal>uid</literal> or
<literal>none</literal>. Split journal files are primarily useful for access control: on UNIX/Linux access
control is managed per file, and the journal daemon will assign users read access to their journal files. If
<literal>uid</literal>, all regular users will each get their own journal files, and system users will log to
the system journal. If <literal>none</literal>, journal files are not split up by user and all messages are
<literal>uid</literal>, all regular users (with UID outside the range of system users, dynamic service users,
and the nobody user) will each get their own journal files, and system users will log to the system journal.
See <ulink url="https://systemd.io/UIDS-GIDS">Users, Groups, UIDs and GIDs on systemd systems</ulink>
for more details about UID ranges.
If <literal>none</literal>, journal files are not split up by user and all messages are
instead stored in the single system journal. In this mode unprivileged users generally do not have access to
their own log data. Note that splitting up journal files by user is only available for journals stored
persistently. If journals are stored on volatile storage (see <varname>Storage=</varname> above), only a single
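Review bot: The added parenthetical "(with UID outside the range of system users, dynamic service users, and the nobody user)" excludes three groups, but the rest of the sentence only says that "system users will log to the system journal", so a reader cannot tell from this paragraph where messages from dynamic service users and the nobody user are stored. Suggest naming all three excluded groups in that closing clause. A smaller wording point in the same parenthetical: "the range of ... the nobody user" reads oddly because the text refers to a single user there, so something like "outside the ranges of system users and dynamic service users, and not the nobody user" would be clearer.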


@ -200,8 +200,11 @@ systemd-tmpfiles --create --prefix /var/log/journal</programlisting>
writable. Adding a user to this group thus enables them to read
the journal files.</para>
<para>By default, each logged in user will get their own set of
journal files in <filename>/var/log/journal/</filename>. These
<para>By default, each user, with a UID outside the range of system users,
dynamic service users, and the nobody user, will get their own set of
journal files in <filename>/var/log/journal/</filename>. See
<ulink url="https://systemd.io/UIDS-GIDS">Users, Groups, UIDs and GIDs on systemd systems</ulink>
for more details about UID ranges. These journal
files will not be owned by the user, however, in order to avoid
that the user can write to them directly. Instead, file system
ACLs are used to ensure the user gets read access only.</para>
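Review bot: In the new sentence "each user, with a UID outside the range of system users, dynamic service users, and the nobody user, will get", the commas make the UID clause non-restrictive, so it reads as though every user has such a UID rather than limiting which users get their own files. Suggest dropping the commas around the clause or reusing the parenthetical form from the first file's hunk ("all regular users (with UID outside the range of ...)") so both man pages describe the rule the same way. The change also drops the "logged in" qualifier without comment; if that is intentional, the commit message should say so, since it changes what the sentence claims beyond the UID ranges.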