How to add a user to systemd-journal

[Sivaram Kannan]

Hi all,

I have a user which is added to sudo group right now. The only purpose of adding that to the sudo group is look at journal logs. I saw we could add the user to systemd-journal and that should allow the user to see the journallogs. How can I add a user to the systemd-journal group. I create user with the cloud-config file and added the group like this

 - name: test
    passwd: $6$rounds=4096$awIkru./bmc1DSn$AHCaJjvFGX279Qxc3rmUUsF1ZNZPQeRmA/n6coDAafFXKVNSvVgmO4yyE3ZtCx8lcrgjPefRjRFwAJLc.zy6l.
    groups:
      - sudo
      - docker
      - systemd-journal

This did not allow the test user to use journal(without sudo), nor does it created an entry is /etc/group. What is the right way to add the user to the systemd-journal.

Thanks,
./Siva.

[Ivan]

This issue is being tracked on GitHub "Specifying group "systemd-journal" in cloud-init doesn't work" [1]. There are some workarounds in the GitHub discussion.

-Ivan

[1]: https://github.com/coreos/bugs/issues/312

[kyle....@coreos.com]

Hi Sivaram,

You can accomplish adding the user "test" to the systemd-journal group by adding the unit below to your cloud-config:


  units:
    - name: "edit-etc-group.service"
      command: "start"
      content: |
        [Unit]
        Description=Add systemd-journal group to /etc/group
        ConditionFirstBoot=True

        [Service]
        ExecStart=/usr/bin/sh -c "getent  group systemd-journal >> /etc/group"
        ExecStartPost=/usr/sbin/usermod -aG systemd-journal test

Cheers,
Kyle Brown

On Wednesday, February 24, 2016 at 9:18:30 AM UTC-8, Sivaram Kannan wrote:

[Alan]

Hi All,

I came across this post and wonder if anyone can help. I am trying to add user to systemd-journal as a unit file in ignition (instead of cloud-config). In particular, I am editing this in human-friendly JSON file before passing it to Config Transpiler (CT). (as per https://github.com/coreos/container-linux-config-transpiler/blob/master/doc/configuration.md )

This is the unit definition in the configuration file I am passing on as per Kyle Brown's example:

systemd:

  units:

  ...

    - name: edit-etc-group.service

      enable: true

      contents: |

        [Unit]

        Description=Add systemd-journal group to /etc/group

        ConditionFirstBoot=True

        [Service]

        ExecStart=/usr/bin/sh -c "/usr/bin/getent group systemd-journal >> /etc/group"

        ExecStartPost=/usr/sbin/usermod -aG systemd-journal test

It however failed to execute when it tried ExecStart=/usr/bin/sh -c "getent group systemd-journal >> /etc/group"

Despite changing path and tweaking the script I can't seem to properly add getent group systemd-journal to /etc/group.

Is there any workaround to adding getent group systemd-journal to /etc/group during ignition

Thanks!
Alan

[Derek Gonyeo]

Hi Alan,

I think your issue is that the systemd unit needs to have an `[Install]` section to be able to work properly.

I was able to test this container linux config successfully: https://gist.github.com/dgonyeo/55803e0526707c00571c9a0a5f8369cf

Can you see if adding that section to your unit fixes the problem?

Derek

[Alan]

Hi Derek,

Yep the group is now added correctly after the `[Install]` section with 

RequiredBy=multi-user.target

Thanks very much for your help.

Alan