From 99add6fd0b8f4307ed79256e25f38da318e795c4 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 22 Aug 2012 04:45:17 +0200
Subject: journalctl: complain if unprivileged users attempt to access the journal and persistant logging is off
---
 src/journal/journalctl.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
(limited to 'src/journal/journalctl.c')
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index bee26fd769..6aff1f1ba3 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -747,8 +747,20 @@ int main(int argc, char *argv[]) {
 }
 #ifdef HAVE_ACL
+ if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("adm") <= 0) {
+ log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'adm' can always see messages.");
+ r = -EACCES;
+ goto finish;
+ }
+
 if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0)
- log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this message off.");
+ log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this notice off.");
+#else
+ if (geteuid() != 0 && in_group("adm") <= 0) {
+ log_error("No access to messages. Only users in the group 'adm' can see messages.");
+ r = -EACCES;
+ goto finish;
+ }
 #endif
 r = add_this_boot(j);
-- cgit v1.2.3-54-g00ecf
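Review bot: The added `access("/var/log/journal", F_OK) < 0` test under `#ifdef HAVE_ACL` treats every failure as "persistent storage is off", so an error other than a missing directory (for example `EACCES` or `ENOTDIR` on the path) ends in the same `-EACCES` exit with a diagnosis that may be wrong; I would narrow it to `access("/var/log/journal", F_OK) < 0 && errno == ENOENT`. In the same way `in_group("adm") <= 0` presumably folds a failed group lookup into "not a member", and the test `geteuid() != 0 && in_group("adm") <= 0` now appears three times, so evaluating it once into a local (`bool unpriv = geteuid() != 0 && in_group("adm") <= 0;`) would keep the branches consistent and avoid repeated lookups. `access()` checks with the real UID while the privilege test uses the effective UID, which is worth a one-line comment. The gate is also only a usability hint and should say so, e.g. `/* advisory only: read access is enforced by the journal files' permissions/ACLs */`, so nobody later mistakes it for the access control itself. `main()` starts and ends outside the hunk, so whether `errno` is already usable here and what `finish:` cleans up cannot be confirmed from this page.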