How to allow a user to use journalctl to see user-specific systemd service logs

journalctlpermissionssystemctlsystemdubuntu-16.04

I am running user-level services in Ubuntu 16.04 LTS. For example, I have my test.service located at ~/.config/systemd/user/test.service.

I was able to run the service by doing

systemctl --user start test.target

However, when I try to read its log using journalctl, I got this error message:

journalctl --user -u test.service
Hint: You are currently not seeing messages from other users and the system.
  Users in the 'systemd-journal' group can see all messages. Pass -q to
  turn off this notice.
No journal files were opened due to insufficient permissions.

How can I use journalctl for user's specific unit?

Best Answer

On older systemd versions, you'll have to use journalctl --user --user-unit=SERVICENAME (on newer versions journalctl --user -u SERVICENAME will work fine).

However, this only works if the Storage directive of the [Journal] section of /etc/systemd/journald.conf is set to persistent (instead of auto or volatile). Reboot after editing the configuration file and the user will be able to see the journal.

More information: https://www.freedesktop.org/software/systemd/man/journald.conf.html https://lists.freedesktop.org/archives/systemd-devel/2016-October/037554.html

Related Solutions

Systemd – How to Set Environment Variable in Service

Times change and so do best practices.

The current best way to do this is to run systemctl edit myservice, which will create an override file for you or let you edit an existing one.

In normal installations this will create a directory /etc/systemd/system/myservice.service.d, and inside that directory create a file whose name ends in .conf (typically, override.conf), and in this file you can add to or override any part of the unit shipped by the distribution.

For instance, in a file /etc/systemd/system/myservice.service.d/myenv.conf:

[Service]
Environment="SECRET=pGNqduRFkB4K9C2vijOmUDa2kPtUhArN"
Environment="ANOTHER_SECRET=JP8YLOc2bsNlrGuD6LVTq7L36obpjzxd"

Also note that if the directory exists and is empty, your service will be disabled! If you don't intend to put something in the directory, ensure that it does not exist.

For reference, the old way was:

The recommended way to do this is to create a file /etc/sysconfig/myservice which contains your variables, and then load them with EnvironmentFile.

For complete details, see Fedora's documentation on how to write a systemd script.

How to output logs to a file from the content of a service with systemd

I encountered a similar issue. As explained here, it turns out that you can't redirect output directly within ExecStartPre, ExecStart, or ExecStopPost commands - systemd will interpret the > or >> as arguments. The solution is to execute your command using sh -c.

There's also one other issue I ran into when trying to use the date command in my systemd script: %m is a special code referring to the machine ID of the current host. So in order to have it output the month you need to escape the percent sign by using two percent signs (%%). Putting it all together, the systemd version of the above pre and post-scripts is:

# Date format same as (new Date()).toISOString() for consistency
ExecStartPre = /bin/sh -c 'echo "[`date -u +%Y-%%m-%dT%T.%3NZ`] (sys) Starting" >> /var/log/yourapp.upstart.log'
ExecStopPost = /bin/sh -c 'rm /var/run/upstart-ghost.pid; echo "[`date -u +%Y-%%m-%dT%T.%3NZ`] (sys) Stopping" >> /var/log/yourapp.upstart.log'

Best Answer

Related Solutions

Systemd – How to Set Environment Variable in Service

How to output logs to a file from the content of a service with systemd

Related Topic