mirror of https://github.com/systemd/systemd.git synced 2025-03-23 10:50:16 +03:00

Merge pull request #14388 from anitazha/man_uid_updates

man: document uids for user journals
Lennart Poettering 2019-12-19 12:45:59 +01:00 committed by GitHub
commit 17ef83b231
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 5 deletions

@ -110,8 +110,11 @@
<listitem><para>Controls whether to split up journal files per user, either <literal>uid</literal> or
<literal>none</literal>. Split journal files are primarily useful for access control: on UNIX/Linux access
control is managed per file, and the journal daemon will assign users read access to their journal files. If
<literal>uid</literal>, all regular users will each get their own journal files, and system users will log to
the system journal. If <literal>none</literal>, journal files are not split up by user and all messages are
<literal>uid</literal>, all regular users (with UID outside the range of system users, dynamic service users,
and the nobody user) will each get their own journal files, and system users will log to the system journal.
See <ulink url="https://systemd.io/UIDS-GIDS">Users, Groups, UIDs and GIDs on systemd systems</ulink>
for more details about UID ranges.
If <literal>none</literal>, journal files are not split up by user and all messages are
instead stored in the single system journal. In this mode unprivileged users generally do not have access to
their own log data. Note that splitting up journal files by user is only available for journals stored
persistently. If journals are stored on volatile storage (see <varname>Storage=</varname> above), only a single
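
Review bot: The new parenthetical in the SplitMode= text excludes three classes of UIDs from per-user journals (system users, dynamic service users, and the nobody user), but the sentence still ends with only "system users will log to the system journal", so the reader is not told where messages from dynamic service users and nobody end up. Since these files are described as an access-control boundary, say so explicitly, for example "and all other users will log to the system journal". Minor: the added "for more details about UID ranges." line is left short and the next sentence starts on a fresh line; reflow the paragraph to match the surrounding wrapping.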

@ -200,8 +200,11 @@ systemd-tmpfiles --create --prefix /var/log/journal</programlisting>
writable. Adding a user to this group thus enables them to read
the journal files.</para>
<para>By default, each logged in user will get their own set of
journal files in <filename>/var/log/journal/</filename>. These
<para>By default, each user, with a UID outside the range of system users,
dynamic service users, and the nobody user, will get their own set of
journal files in <filename>/var/log/journal/</filename>. See
<ulink url="https://systemd.io/UIDS-GIDS">Users, Groups, UIDs and GIDs on systemd systems</ulink>
for more details about UID ranges. These journal
files will not be owned by the user, however, in order to avoid
that the user can write to them directly. Instead, file system
ACLs are used to ensure the user gets read access only.</para>
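
Review bot: The "See ... for more details about UID ranges." sentence is inserted between "journal files in /var/log/journal/." and "These journal files will not be owned by the user", which separates the ownership and ACL explanation from the sentence it refers to. Move the link to the end of the paragraph so the read-only ACL statement follows directly. Also, "By default" here depends on the split mode and on persistent storage, both of which the journald.conf text in this same patch spells out; a short pointer to SplitMode= would keep the two pages consistent.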

@ -535,7 +535,7 @@ w- /proc/sys/vm/swappiness - - - - 10</programlisting></para>
guaranteed to be resolvable during early boot. If this field references users/groups that only become
resolveable during later boot (i.e. after NIS, LDAP or a similar networked directory service become
available), execution of the operations declared by the line will likely fail. Also see <ulink
url="https://systemd.io/UIDS-GIDS.html#notes-on-resolvability-of-user-and-group-names">Notes on
url="https://systemd.io/UIDS-GIDS/#notes-on-resolvability-of-user-and-group-names">Notes on
Resolvability of User and Group Names</ulink> for more information on requirements on system user/group
definitions.</para>
</refsect2>
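
Review bot: The corrected link uses "https://systemd.io/UIDS-GIDS/#notes-on-resolvability-of-user-and-group-names" with a trailing slash before the fragment, while the two links added earlier in this patch use "https://systemd.io/UIDS-GIDS" without one. Pick one form and use it in all three places so the man pages do not depend on a redirect. While touching this paragraph, the context lines also carry "resolveable" (spelled "resolvable" two lines earlier) and "service become available", which could be fixed in the same change.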