tmpfiles: use ACL magic on journal directories

author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2015-01-18 15:05:40 -0500
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2015-01-22 01:14:53 -0500
commit: a48a62a1af02aec4473c9deed98dd5b89d210f93 (patch)
tree: 6430c67afb3521718a43cce66be9def85bd8664b /README
parent: 50d9e46dbb8400d4570781728c63b151d9ca982b (diff)
1 files changed, 3 insertions, 8 deletions
diff --git a/README b/README
index fa95433ec..c72209262 100644
--- a/README
+++ b/README
@@ -178,14 +178,9 @@ USERS AND GROUPS:
         During runtime, the journal daemon requires the
         "systemd-journal" system group to exist. New journal files will
         be readable by this group (but not writable), which may be used
-        to grant specific users read access.
-
-        It is also recommended to grant read access to all journal
-        files to the system groups "wheel" and "adm" with a command
-        like the following in the post installation script of the
-        package:
-
-        # setfacl -nm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/
+        to grant specific users read access. In addition, system
+        groups "wheel" and "adm" will be given read-only access to
+        journal files using systemd-tmpfiles.service.
 
         The journal gateway daemon requires the
         "systemd-journal-gateway" system user and group to
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2015-01-18 15:05:40 -0500
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2015-01-22 01:14:53 -0500
commit	a48a62a1af02aec4473c9deed98dd5b89d210f93 (patch)
tree	6430c67afb3521718a43cce66be9def85bd8664b /README
parent	50d9e46dbb8400d4570781728c63b151d9ca982b (diff)