From 37495eede95d3212b797c8459d7ed6258fb23c6a Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 5 Mar 2013 19:15:31 +0100 Subject: journal: make gatewayd run under its own user ID --- README | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'README') diff --git a/README b/README index 889c687bac..b6e347ec2b 100644 --- a/README +++ b/README @@ -101,11 +101,12 @@ REQUIREMENTS: pass the same DESTDIR to 'make sphinx-html' invocation. USERS AND GROUPS: - Default udev rules use the following standard system group names,\ - which need to be resolvable by getgrnam() at any time, even in the - very early boot stages, where no other databases and network is - available: - tty, dialout, kmem, video, audio, lp, floppy, cdrom, tape, disk + Default udev rules use the following standard system group + names, which need to be resolvable by getgrnam() at any time, + even in the very early boot stages, where no other databases + and network are available: + + tty, dialout, kmem, video, audio, lp, floppy, cdrom, tape, disk During runtime the journal daemon requires the "system-journal" system group to exist. New journal files will @@ -119,6 +120,11 @@ USERS AND GROUPS: # setfacl -nm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ + The journal gateway daemon requires the + "system-journal-gateway" system user and group to + exist. During execution this network facing service will drop + privileges and assume this uid/gid for security reasons. + WARNINGS: systemd will warn you during boot if /etc/mtab is not a symlink to /proc/mounts. Please ensure that /etc/mtab is a -- cgit v1.2.3-54-g00ecf
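Review bot: the rewrap of the udev group paragraph in the first hunk (@@ -101,11 +101,12 @@) is unrelated to the commit subject, which is about the user ID gatewayd runs under. As far as the visible lines show, the hunk only drops the stray backslash after "names,", changes "network is" to "network are" and reflows the text, so it would be cleaner as a separate cleanup commit, leaving this one limited to the new "system-journal-gateway" requirement.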
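Review bot: the paragraph added in the second hunk (@@ -119,6 +120,11 @@) says the "system-journal-gateway" user and group must exist, but not how that account gets read access to the journal files once privileges are dropped. The context just above it describes the "system-journal" group and the setfacl call on /var/log/journal/, so please state whether the gateway user has to be a member of that group or needs its own ACL entry, and what the daemon does at startup if the user or group cannot be resolved. Minor: "network facing" should be hyphenated as "network-facing".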