I prefer to use the "adm" group for now. --- src/journal/journalctl.c.orig 2013-03-08 14:14:13.671806583 +0100 +++ src/journal/journalctl.c 2013-03-08 14:14:44.462969574 +0100 @@ -881,16 +881,16 @@ static int verify(sd_journal *j) { static int access_check(void) { #ifdef HAVE_ACL - if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("systemd-journal") <= 0) { - log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'systemd-journal' can always see messages."); + if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("adm") <= 0) { + log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'adm' can always see messages."); return -EACCES; } - if (!arg_quiet && geteuid() != 0 && in_group("systemd-journal") <= 0) - log_warning("Showing user generated messages only. Users in the group 'systemd-journal' can see all messages. Pass -q to turn this notice off."); + if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0) + log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this notice off."); #else - if (geteuid() != 0 && in_group("systemd-journal") <= 0) { - log_error("No access to messages. Only users in the group 'systemd-journal' can see messages."); + if (geteuid() != 0 && in_group("adm") <= 0) { + log_error("No access to messages. Only users in the group 'adm' can see messages."); return -EACCES; } #endif --- src/journal/journald-server.c.orig 2013-03-08 14:42:35.535110912 +0100 +++ src/journal/journald-server.c 2013-03-08 14:42:43.846230680 +0100 @@ -174,7 +174,7 @@ static uint64_t available_space(Server * } static void server_read_file_gid(Server *s) { - const char *g = "systemd-journal"; + const char *g = "adm"; int r; assert(s);