tl;dr
How can I allow a normal user to read one systemd service's logs?
Long question
Environment: CentOS 7
A user needs access to his service's logs, which are by default consumed by journald. I can view them as my non-root user (because I'm in the wheel group), but the other user cannot. He will not get membership in wheel, but he needs his logs.
What permissions do I need to give him, so he can get to the logs? I would appreciate if he could run a standard journalctl command, like maybe
journalctl -f -u servicename.service
I guess if I have to, I can configure the service file specifically to log to a file, right? I guess I can have the ExecStart include a | /usr/bin/tee -a /var/log/servicename.log but why can't systemd handle this better?
