2

These days, at least in Arch Linux (probably true for other distros too? 1), dmesg needs sudo, otherwise it doesn't work:

$ dmesg
dmesg: read kernel buffer failed: Operation not permitted

On the other hand, journalctl (from systemd) doesn't need sudo.

It feels odd because journalctl can access much of the same information (if not all) of dmesg.

Does anyone know why one is restricted but the other isn't? My installation is pretty vanilla, and I haven't made any custom changes to sysctl (/etc/sysctl.d/) and alike.

I've found a similar question outside of SE2 however it doesn't have any replies.

thiagowfx
  • 1,249
  • https://man.archlinux.org/man/journalctl.1.en: "Members of the groups "systemd-journal", "adm", and "wheel" can read all journal files." journalctl clearly isn't a free-for-all, it's restricted too. Are you in one of those groups? – muru Jun 10 '21 at 06:31
  • I have journalctl hints in my Stack Exchange profile, click on my userid below this comment. – waltinator Jun 10 '21 at 06:47
  • Look at ls -l $(type -p journalctl). Is it setuid? man ls stat. – waltinator Jun 10 '21 at 06:49
  • @muru: Membership in the systemd-journal group would seem to be a requirement for system (or application) managers. journalctl is the new way of slicing and dicing log files. – waltinator Jun 10 '21 at 06:55

1 Answers1

2

journalctl access is indeed restricted to members of the following groups: adm, systemd-journal, wheel according to man journalctl and it's indeed the case for Fedora 33:

Hint: You are currently not seeing messages from other users and the system.
      Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
      Pass -q to turn off this notice.

As for dmesg its access is regulated by the sysctl variable, kernel.dmesg_restrict which at least in Fedora is set to 0, which means any local user can read the kernel log.

IMO, I see no reason to restrict access to dmesg while the system log may contain information which could allow to gain unauthorized access to the system.

Artem S. Tashkinov
  • 29,025
  • 1
    By restricting, dmesg non-privileged users need to beg sysadmins to have a look. This is a nice vulnerability drama to appease bureaucracy. – harshavmb Nov 09 '22 at 14:57