On Tue, 23.07.13 04:03, Oron Peled (o...@actcom.co.il) wrote: > > > Cron was already mentioned, but every one seem to ignore the fact that > > > regular users don't have permission to read system logs. > > > > journald actually splits out user logs and use filesystem ACLs to ensure > > that the user gets read access to his own logs. This doesn't work for > > syslog (and also not if cron first collects all logs and then logs them > > as root). > > [thanks for referring to this issue. In a separate sub-thread I complained > about not being addressed before seeing this mail] > > There are two issues however: > * The log-splitting of journald is really nice feature. But it doesn't > work for cron: > $ echo '* * * * * /bin/echo "Test output from cron"' | \ > crontab '-' # than wait a minute > $ journalctl # only shows crontab, not the cron output > $ su - > # journalctl # Cron output is properly shown. > > So this issue is still outstanding (but I'll bet you knew that)
Also as mentioned on this thread, this doesn't work for cron right now as cron actually collects all log output of a job and then posts it under its own identity, which is why it is attributed to cron/root. THis is, if you so will, a misdesign in cronie. > * Logs are inherently line-oriented (which is very good for their > intended use case). However, many cron-jobs produce various reports > which are multi-line in their nature -- not a very good fit. The journal is fine with multi-line log messages. In fact, the kernel by default sends out a couple of multi-line messages. Cron currently collects all the job's logs in one go and then writes them under its own identity in one big transaction out. THis means that there's no way to get "live" access to the logs of current long-running jobs. Which is certainly suboptimal. Note that due to the context we collect of messages it should be preferable these days if logging happens immediately per-line and then is recombined at display time, rather than collected and done at the end, simply to make sure latencies are low, and you get a live view into the system. But either way, both philosophies (log individual log lines immediately + log them all in one) work fine with journald, we can do both, better than syslog ever could. Lennart -- Lennart Poettering - Red Hat, Inc. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
