systemd user journals not being created

Question

Several identical machines all running Fedora 21 in a cluster are all exhibiting identical issues:

Attempting to pull a user journal with journalctl -r gives:

No journal files were opened due to insufficient permissions.

Trying journalctl --user -r gives:

No journal files were found.

Checking in /var/log/journal/[whatever] yields system journals (which seem to work fine as root) and one or two user journals. Logging in as a user that has a user journal in this directory shows that these users can pull their own journal just fine.

It seems like journals are being created for some users but not others. I can find nothing different about the users with journals, and it's not the same users exhibiting the problem on every system, despite identical /etc/passwd, /etc/group, and /etc/shadow files across the systems.

All of this worked fine on Fedora 20.

Not a programming question - voted to close. – tink Jun 06 '23 at 22:54 — tink, Jun 06 '23 at 22:54

datu-puti · Answer 1 · 2023-06-06T20:49:58.573

29

I believe this is related to this question.

I had this issue on Ubuntu 17.10. One of my users could view his journal entries, but another couldn't. The issue was resolved by changing the Storage directive of the [Journal] section of /etc/systemd/journald.conf to persistent:

Edit journald.conf

$ sudo vi /etc/systemd/journald.conf

Original Config

[Journal]
#Storage=auto
...

New Config

[Journal]
Storage=persistent
...

After a restart of journalctl, all users could view their respective logs:

$ sudo systemctl restart systemd-journald

From the journald.conf man page:

If "persistent", data will be stored preferably on disk, i.e. below the /var/log/journal hierarchy (which is created if needed), with a fallback to /run/log/journal (which is created if needed), during early boot and if the disk is not writable.

edited Jun 06 '23 at 20:49

answered Dec 21 '17 at 18:02

datu-puti

1,306
14
33

4

In particular, the root cause for this is https://github.com/systemd/systemd/issues/2744: “ Allow users to read their own volatile journals”. TL;DR: only in /var/log [persistent], not in /run [volatile], are journal files spilt by UID. – Dato Jan 21 '19 at 19:39
1

I was having this issue on ubuntu and simply restarting with `sudo systemctl restart systemd-journald` was enough for some reason – Jespertheend Jul 20 '22 at 16:37
Didn't have any effect on our server :c – Hi-Angel Jun 01 '23 at 08:16

score 0 · Answer 2 · answered Aug 08 '23 at 12:29

Check the output of id -u, if it shows a number less than 1000 then you stumble upon this resolved systemd bug. It is fixed since v254 release.

For older releases without the fix there is a known workaround for the case where you know the name of the unit you want to watch: the --user -u foo would need to be replaced with --user-unit foo.

systemd user journals not being created

2 Answers2