Re: replacing rsyslogd in minimal with journald [was Re: systemd requires HTTP server and serves QR codes]


 



On Tue, 09.10.12 10:45, Matthew Miller (mattdm@xxxxxxxxxxxxxxxxx) wrote:

> > i) You always see the full set of logs you have access to. No need
> >    anymore to look through /var/log/messages, /var/log/secure and so
> >    on one individually. And you get all of this nicely interleaved.
> 
> As noted in an earlier message, that distinction is there for a reason. We
> need a way to provide the same in the new system.

The journal is actually tighter in security in this regard. By default
users can only get access to their own logs, but not to the system
logs. Only users in the "adm" group can see system logs and logs of
other users. We also securely determine who is logging and split this
off into separate files, so that unprivileged users cannot spam the logs
anymore and have their fake messages spill into supposedly secure logs.

To summarize:

Previously: /var/log/secure readable only for root, /var/log/messages
readable for everybody and including data from everybody.

Now: A journal for each user with only his data in it. Only readable by
the user himself and members of "adm" and root. One journal for the
system, with only trusted data in it. Only readable by adm and root. For
each caller all accessible files interleaved transparently on display.

I think the new behaviour makes a ton more sense than anything before.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


