Thanks. Unfortunately, when I enter this into terminal, it says 'no such file or directory'. I tried with and without 'sudo'. I know how to create a .conf file, and should then just enter the second line of code? Nothing horrible can happen from creating the 99-sysctl.conf?
Simply create it.
No. You could also create a
87-manjaro-is-great.conf without anything going to happen. Only the content of the file makes things happen.
Cool, thank you. I'll create the 99-sysctl.conf, and add
echo 'kernel.dmesg_restrict=0' | sudo tee -a /etc/sysctl.d/99-sysctl.conf
No, the content of that file will be:
and nothing else.
Thank you very much for correcting me on that.
Sorry for necro bumping, just an important precision to add in case there is people reading it.
Well, by default, access to system logs on journalctl is restricted to root and certain users that are member of certain groups: the most notable one being
wheel (which is the group for administrators, or sudoers if you prefer, on a standard Manjaro system).
So unless Manjaro changed the defaults on that one, journalctl is already locked down on that aspect.
All users are granted access to their private per-user journals.
However, by default, only root and users who are members of a few
special groups are granted access to the system journal and the
journals of other users. Members of the groups "systemd-journal",
"adm", and "wheel" can read all journal files. Note that the two latter
groups traditionally have additional privileges specified by the
distribution. Members of the "wheel" group can often perform
I love RTFMing, but have you confirmed? With a no-wheels user?
That was of course a very good question and yes, I do confirm that it also works in practice on Manjaro. Here's what I get if I use
journalctl -k (for kernel messages) and
journalctl -xe --unit=smb.service (for a random system-wide service).
journalctl does warn you that you are not a member of either
wheel and therefore, can't see any logs for other users or for the system.
[peasant@mjrgnome ~]$ id uid=1001(peasant) gid=1001(peasant) groups=1001(peasant) [peasant@mjrgnome ~]$ journalctl -k Hint: You are currently not seeing messages from other users and the system. Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages. Pass -q to turn off this notice. -- Logs begin at Thu 2019-05-23 06:43:02 EDT, end at Thu 2019-05-23 06:45:16 ED> -- No entries -- [peasant@mjrgnome ~]$ journalctl -xe --unit=smb.service Hint: You are currently not seeing messages from other users and the system. Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages. Pass -q to turn off this notice. ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ -- Logs begin at Thu 2019-05-23 06:43:02 EDT, end at Thu 2019-05-23 06:45:16 ED> -- No entries -- [peasant@mjrgnome ~]$
If I type
journalctl -xe, it will only show the logs that this low-privileged user is allowed to see, for example logs for its own, personal systemd units.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.