From: Guido Leenders <guido.leenders@invantive.com>
Date: Fri, 19 Apr 2024 11:30:32 +0000 (+0200)
Subject: Document effective owner of stdout/stderr log file upon creation
X-Git-Tag: v256-rc1~59
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f445ed3c5f30097c86e72d55104bd5d4011e8933;p=thirdparty%2Fsystemd.git

Document effective owner of stdout/stderr log file upon creation

The log files defined using file:, append: or truncate: inherit the owner and other privileges from the effective user running systemd.

The log files are NOT created using the "User", "Group" or "UMask" defined in the service.
---

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 80359bc2385..38bf018ae46 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -2983,8 +2983,8 @@ SystemCallErrorNumber=EPERM</programlisting>
         <para>The <option>file:<replaceable>path</replaceable></option> option may be used to connect a specific file
         system object to standard output. The semantics are similar to the same option of
         <varname>StandardInput=</varname>, see above. If <replaceable>path</replaceable> refers to a regular file
-        on the filesystem, it is opened (created if it doesn't exist yet) for writing at the beginning of the file,
-        but without truncating it.
+        on the filesystem, it is opened (created if it doesn't exist yet using privileges of the user executing the
+        systemd process) for writing at the beginning of the file, but without truncating it.
         If standard input and output are directed to the same file path, it is opened only once — for reading as well
         as writing — and duplicated. This is particularly useful when the specified path refers to an
         <constant>AF_UNIX</constant> socket in the file system, as in that case only a