improve journalctl man page #25061
Description
Component
journalctl
Is your feature request related to a problem? Please describe
The line 'All users are granted access to their private per-user journals.' from the journalctl man page suggests that it should be possible for users to access the log messages of their own services.
As far as I'm aware, that is possible with persistent storage and using the --user-unit option but one of those isn't always the default (e.g. Rocky Linux) and the other isn't necessarily very intuitive.
Describe the solution you'd like
Right now, there would be less overall confusion and frustration, if the man page read:
All users are granted access to their private per-user journals through the
--user and --user-unit options when using Storage=persistent.
Maybe add a note to man journald.conf as well
Storage=
..
When using "volatile", users can't access their per-user journals.
Describe alternatives you've considered
I and the few people I talked about this with expected --user and --unit used in conjunction to behave like --user-unit.
This would, imho, be more intuitive because it corresponds to how --user behaves with systemctl (changing how the rest of the line behaves).
Maybe it's to retain the ability to read both user and system journals using one call?
--user --unit system-service would read all user logs with that of system-service.
--system --user-unit user-service does the same the other way around.
The second line does what I expect it to do by just glancing at it - the first one.. just doesn't look right for what it does.
It was discussed in several places but it doesn't look like it's desirable from a systemd point of view.
Regardless, it would be a breaking change. I could see it work by adding a --system-unit parameter, deprecating --unit (sure :-D) and then re-adding a version of --unit that depends on --system and --user. Maybe warn about an upcoming change for --unit if it's used with --user for a few versions?
It would also be rather practical if it wasn't necessary to change the storage type to persistent in order to read user-journals.
The per-user journal entries are stored along others in /run/log/journal/*.
The documentation for Storage= doesn't indicate why the journal is stored differently in /var/log/journal than it is in /run/log/journal but it is and I assume there's a reason - ignoring the option to change the storage mechanism with volatile.
Allowing users access to their journal would probably require there to be a service for reading logs providing a unix socket with SCM_CREDENTIALS to make sure the requesting user only sees their respective journal (like for incoming messages).
I'm willing to put in some time if some of the more knowledgeable systemd folks indicate whether any of those have a chance to be merged.
The man page change I'm suggesting instead should be relatively straightforward.
I couldn't find the corresponding man pages searching this repo for "turns off all storage" or "users are granted access to their private per-user journals" so this is an issue, not a pull request.
The systemd version you checked that didn't have the feature you are asking for
250
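
The SCM_CREDENTIALS check mentioned in the issue, as an added sketch that is not systemd code and not part of the original post: a hypothetical log-reading service takes the requester's uid from the kernel-filled credentials on a Unix socket rather than from the request body. The `READ <uid>` request format, the function names and the own-journal-only policy are assumptions made for illustration (Linux only).

```python
import socket
import struct

UCRED = struct.Struct("iII")  # Linux struct ucred: pid_t pid, uid_t uid, gid_t gid


def recv_with_creds(sock, bufsize=256):
    """Receive one message plus the sender's kernel-filled (pid, uid, gid)."""
    data, ancdata, _flags, _addr = sock.recvmsg(
        bufsize, socket.CMSG_SPACE(UCRED.size))
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            return data, UCRED.unpack(cdata[:UCRED.size])
    return data, None  # no credentials attached: the caller must refuse


def may_read_journal(peer_uid, journal_uid):
    """Assumed policy: a user may only read their own per-user journal."""
    return peer_uid == journal_uid


def handle_request(server_sock):
    """Parse 'READ <uid>' and authorize it against the peer's real uid."""
    data, creds = recv_with_creds(server_sock)
    if creds is None:
        return "denied"
    _pid, peer_uid, _gid = creds
    try:
        verb, wanted = data.decode().split()
        wanted_uid = int(wanted)
    except ValueError:  # wrong field count, non-numeric uid, bad encoding
        return "bad request"
    if verb != "READ":
        return "bad request"
    # The uid in the request is only a claim; the ucred uid is what counts.
    return "ok" if may_read_journal(peer_uid, wanted_uid) else "denied"


def demo(requested_uid):
    """Constructed exchange; a socketpair stands in for the service socket."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    with server, client:
        # Ask the kernel to attach the sender's credentials to each message.
        server.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
        client.send(f"READ {requested_uid}".encode())
        return handle_request(server)
```
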