parent d59fc29bb7
commit a1533ad73f
|
@ -110,8 +110,11 @@
|
||||||
<listitem><para>Controls whether to split up journal files per user, either <literal>uid</literal> or
|
<listitem><para>Controls whether to split up journal files per user, either <literal>uid</literal> or
|
||||||
<literal>none</literal>. Split journal files are primarily useful for access control: on UNIX/Linux access
|
<literal>none</literal>. Split journal files are primarily useful for access control: on UNIX/Linux access
|
||||||
control is managed per file, and the journal daemon will assign users read access to their journal files. If
|
control is managed per file, and the journal daemon will assign users read access to their journal files. If
|
||||||
<literal>uid</literal>, all regular users will each get their own journal files, and system users will log to
|
<literal>uid</literal>, all regular users (with UID outside the range of system users, dynamic service users,
|
||||||
the system journal. If <literal>none</literal>, journal files are not split up by user and all messages are
|
and the nobody user) will each get their own journal files, and system users will log to the system journal.
|
||||||
|
See <ulink url="https://systemd.io/UIDS-GIDS">Users, Groups, UIDs and GIDs on systemd systems</ulink>
|
||||||
|
for more details about UID ranges.
|
||||||
|
If <literal>none</literal>, journal files are not split up by user and all messages are
|
||||||
instead stored in the single system journal. In this mode unprivileged users generally do not have access to
|
instead stored in the single system journal. In this mode unprivileged users generally do not have access to
|
||||||
their own log data. Note that splitting up journal files by user is only available for journals stored
|
their own log data. Note that splitting up journal files by user is only available for journals stored
|
||||||
persistently. If journals are stored on volatile storage (see <varname>Storage=</varname> above), only a single
|
persistently. If journals are stored on volatile storage (see <varname>Storage=</varname> above), only a single
|
||||||
|
|
|
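Review bot: the rewritten sentence for <literal>uid</literal> excludes three classes from "regular users" (system users, dynamic service users, and the nobody user) but then only says "system users will log to the system journal", so the reader is not told where messages from dynamic service users and the nobody user end up. Consider closing the sentence with something like "and all other users will log to the system journal" so the exclusion list and the fallback match. Minor: this hunk says "with UID" while the other changed file says "with a UID"; pick one wording for both.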
@ -200,8 +200,11 @@ systemd-tmpfiles --create --prefix /var/log/journal</programlisting>
|
||||||
writable. Adding a user to this group thus enables them to read
|
writable. Adding a user to this group thus enables them to read
|
||||||
the journal files.</para>
|
the journal files.</para>
|
||||||
|
|
||||||
<para>By default, each logged in user will get their own set of
|
<para>By default, each user, with a UID outside the range of system users,
|
||||||
journal files in <filename>/var/log/journal/</filename>. These
|
dynamic service users, and the nobody user, will get their own set of
|
||||||
|
journal files in <filename>/var/log/journal/</filename>. See
|
||||||
|
<ulink url="https://systemd.io/UIDS-GIDS">Users, Groups, UIDs and GIDs on systemd systems</ulink>
|
||||||
|
for more details about UID ranges. These journal
|
||||||
files will not be owned by the user, however, in order to avoid
|
files will not be owned by the user, however, in order to avoid
|
||||||
that the user can write to them directly. Instead, file system
|
that the user can write to them directly. Instead, file system
|
||||||
ACLs are used to ensure the user gets read access only.</para>
|
ACLs are used to ensure the user gets read access only.</para>
|
||||||
|
|
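Review bot: the comma-delimited clause in "each user, with a UID outside the range of system users, dynamic service users, and the nobody user, will get their own set of journal files" is easy to misread as a list of users who do get their own files. Suggest the parenthetical form used in the <literal>SplitMode=</literal> text, for example "each regular user (with a UID outside the range of system users, dynamic service users, and the nobody user) will get their own set of journal files". The replaced line also drops the "logged in" qualifier from "each logged in user"; if that is intentional, it is worth saying so in the commit message, since it changes what the paragraph promises.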