Recording usage without write permission

Michael F. Stemper

Oct 16, 2023, 9:45:03 AM

Some years back, I was involved in a research project. One of the
outcomes of this was creation of a large data base and various
tools for querying it.

I created a script that set/modified various environment variables,
for inclusion in a user's .profile script. The PI was interested in
who was using this database, so I added a few commands to record
each user's first invocation of the initialization script.

Unfortunately, the only way that I could figure out to do this
involved giving the log file the file permission of the beast (666).

At this point, it's moot, as the PI got his doctorate and moved away,
so the project no longer exists -- nor does my access to that network.

But, I'm curious as to whether there is some way to accomplish the
same thing without giving promiscuous access to a file in my user
space. Maybe some kind of messaging? Send a message to a daemon
executing as me, and have that do the reading and writing? Some
other method?

--
Michael F. Stemper
If it isn't running programs and it isn't fusing atoms, it's just bending space.

David W. Hodgins

Oct 16, 2023, 1:39:58 PM

On Mon, 16 Oct 2023 09:44:59 -0400, Michael F. Stemper <michael...@gmail.com> wrote:
> But, I'm curious as to whether there is some way to accomplish the
> same thing without giving promiscuous access to a file in my user
> space. Maybe some kind of messaging? Send a message to a daemon
> executing as me, and have that do the reading and writing? Some
> other method?

That's exactly how rsyslog and systemd-journald work. They each use a
daemon that runs as root that records the log entries. Whether or not
the user has read access depends on what groups the user is a member
of.

With systemd-journald, it supports both system and user level journal
entries.

Regards, Dave Hodgins

Michael F. Stemper

Oct 18, 2023, 9:40:04 AM

Thanks.

Looking at the man page for systemd-journald, I see the following:

By default, each logged in user will get her/his own set of journal
files in /var/log/journal/.

Does this mean that logging would only work when I was logged in, and that
all of the journal files would disappear when I logged out? Or, would the fact
that my daemon was running (or lurking) count as me being logged in?

Although after reading that man page, I also realized that the daemon approach
probably would not have been practical for me. There were somewhere between
forty and fifty boxes on that network. I would have needed to kick off a
daemon on each of them, and also set up something to gather the results from
each box's /var/log/journal/ to a common location (my $HOME).

None the less, interesting new knowledge.

--
Michael F. Stemper
Isaiah 58:6-7

David W. Hodgins

Oct 18, 2023, 2:02:05 PM

On Wed, 18 Oct 2023 09:23:54 -0400, Michael F. Stemper <michael...@gmail.com> wrote:
> Looking at the man page for systemd-journald, I see the following:
>
> By default, each logged in user will get her/his own set of journal
> files in /var/log/journal/.
>
> Does this mean that logging would only work when I was logged in, and that
> all of the journal files would disappear when I logged out? Or, would the fact
> that my daemon was running (or lurking) count as me being logged in?
>
> Although after reading that man page, I also realized that the daemon approach
> probably would not have been practical for me. There were somewhere between
> forty and fifty boxes on that network. I would have needed to kick off a
> daemon on each of them, and also set up something to gather the results from
> each box's /var/log/journal/ to a common location (my $HOME).
>
> None the less, interesting new knowledge.

There is one daemon, systemd-journald running for the computer. It handles
creating system level and user level journal entries.

All entries go into the system level journal files. For a user who has logged
in at least once (even if only via ssh), there are also user level journal files
that duplicate the entries relevant for that user.

Users who don't log in are usually tied to a specific service. For example
for sddm, the kde plasma display manager, to view its entries use
"journalctl _SYSTEMD_UNIT=sddm.service".

Even though the sddm user doesn't have its own journal files, the entries are
still available from the system level journal files.

One thing I don't like, is the default size of the journal files is based on
a percentage of the size of the file system where /var/log/journal is stored.
I always limit it using ...
$ cat /etc/systemd/journald.conf.d/journald.conf
[Journal]
SystemMaxUse=200M
RuntimeMaxUse=200M
ForwardToSyslog=yes
ForwardToConsole=yes
TTYPath=/dev/tty12

For my use, that's normally about 5 weeks of data. I don't need years of data,
which not only takes a lot of space, it slows down looking for data.

Regards, Dave Hodgins

Lawrence D'Oliveiro

Jan 22, 2024, 1:46:27 AM

On Mon, 16 Oct 2023 08:44:59 -0500, Michael F. Stemper wrote:

> But, I'm curious as to whether there is some way to accomplish the same
> thing without giving promiscuous access to a file in my user space.
> Maybe some kind of messaging? Send a message to a daemon executing as
> me, and have that do the reading and writing?

A daemon listening on a Unix-family socket seems the obvious choice.
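
Added example, not code from any poster in this thread: a sketch of the Unix-socket daemon idea for recording each user's first use, where the socket is world-connectable but the log stays mode 0600 and the user's identity comes from the kernel rather than from anything the client sends. It assumes Linux (SO_PEERCRED); the function names and paths are hypothetical.

```python
import os, socket, struct, tempfile, threading, time
from contextlib import suppress

def make_listener(sock_path):
    """Bind a Unix stream socket that any local user may connect to."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    os.chmod(sock_path, 0o666)  # connect() needs write permission on the socket file
    srv.listen(16)
    return srv

def peer_uid(conn):
    """uid of the connecting process, reported by the kernel (Linux SO_PEERCRED)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    return struct.unpack("iII", raw)[1]  # fields are pid, uid, gid

def load_seen(log_path):
    """Rebuild the set of already-recorded uids from an existing log."""
    if not os.path.exists(log_path):
        return set()
    with open(log_path) as log:
        return {int(line.rsplit("uid=", 1)[1]) for line in log if "uid=" in line}

def serve(srv, log_path):
    """Run forever, logging only the first connection from each uid."""
    seen = load_seen(log_path)
    while True:
        conn, _ = srv.accept()
        with conn:
            uid = peer_uid(conn)  # nothing the client sends is read or trusted
            if uid not in seen:
                seen.add(uid)
                fd = os.open(log_path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
                with os.fdopen(fd, "a") as log:
                    log.write(f"{time.strftime('%Y-%m-%dT%H:%M:%S')} uid={uid}\n")
            with suppress(OSError):  # client may hang up before reading the ack
                conn.sendall(b"ok")

def announce(sock_path):
    """Client side: what the init script would run. Sends no data."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        return s.recv(2) == b"ok"

if __name__ == "__main__":
    d = tempfile.mkdtemp()  # constructed demo paths
    sock, log = os.path.join(d, "usage.sock"), os.path.join(d, "usage.log")
    threading.Thread(target=serve, args=(make_listener(sock), log), daemon=True).start()
    print(announce(sock), announce(sock))  # two connections, same uid
    print(open(log).read(), end="")
```

A Unix socket is local to one host, so this needs one listener per machine, and the directory holding the socket must be searchable by the users who connect.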