Op zo 27 aug 2023 om 18:30 schreef Leon Fauster <leonfaus...@googlemail.com >:
> Am 26.08.23 um 18:41 schrieb Cecil Westerhof: > > Replying on google does not work as I am used to. It sends to the sender > > instead of the group. 😱 > > > > Op za 26 aug 2023 om 18:36 schreef Cecil Westerhof > > <cldwester...@gmail.com <mailto:cldwester...@gmail.com>>: > > > > Op za 26 aug 2023 om 14:46 schreef Michael Biebl <mbi...@gmail.com > > <mailto:mbi...@gmail.com>>: > > > > Am Sa., 26. Aug. 2023 um 09:44 Uhr schrieb Cecil Westerhof > > <cldwester...@gmail.com <mailto:cldwester...@gmail.com>>: > > > > > > I am at last implementing systemd timers. The service I > > created can have its status queried by a normal user. I thought > > I must have made a mistake. But when I do: > > > systemctl status cron > > > > > > I get: > > > ● cron.service - Regular background program processing > daemon > > > Loaded: loaded (/lib/systemd/system/cron.service; > > enabled; preset: enabled) > > > Active: active (running) since Sat 2023-08-19 > > 18:12:04 CEST; 6 days ago > > > Docs: man:cron(8) > > > Main PID: 790 (cron) > > > Tasks: 1 (limit: 17837) > > > Memory: 91.0M > > > CPU: 14min 3.110s > > > CGroup: /system.slice/cron.service > > > └─790 /usr/sbin/cron -f > > > > > > Warning: some journal files were not opened due to > > insufficient permissions. > > > > > > Is this the expected behaviour? > > > If not: what could be wrong with my system? > > > > > > This is on Debian 11. > > > > Reading system logs is a privileged operation. > > > > You can grant this privilege to individual users by adding them > > to the > > systemd-journal (or adm) group. > > > > Adding users to the adm will grant them additional privileges, > > so be careful. > > > > > > The user is in the lpadmin group, but not in systemd-journal, or adm > > and still can ask the status. > > Another reply indicates that this is normal. > > > > > Well, you can look at the process list anytime as normal user. So, what > are you trying to accomplishing. Whats the goal? Hiding the process from > the users? > I was surprised that I could see it. And as I understand it, I am certainly not the only one. One reply on my question was even that it is a privileged operation and should not be possible without a group added to the user which was not added to the user. I agree that you can find out everything with ps, but that is a lot more work. I was just surprised that it was possible —and again I am far from the only one—, I just wanted to check it out and now I know it is expected behaviour. Better to ask a 'dump' question than staying ignorant I think. -- Cecil Westerhof
