Arch Linux User Repository

@SoLoR as the systemd units are declared, the system does not allow writing to /var/log/, however the log is written to the journal (which makes it unnecessary to write to /var/log/). The easiest way to view the log in the journal is to run sudo journalctl -g 'vlmcsd*' (to view any log involving vlmcsd). But before that you have to modify the unit so that the ExecStart is ExecStart=/usr/bin/vlmcsd -e because as it is it does not output any log.

New to arch, was using something else for 20+ years.... why i cant get log file output with -l /var/log/vlmcsd.log ? Even in journal there isnt any logs of clients authorizing....

EDIT: figured it out

its combination of dynamicuser and readwritepaths setting in systemctl.

Thanks!

@yan12125 done

Hi, could you switch from nobody to another user? systemd complains about it

/usr/lib/systemd/system/vlmcsd@.service:5: Special user nobody configured, this is not safe!

The only relevant document I found is [1]. I'm not sure if nobody is really unsafe, but using another user seems simple. Other hardening options used in https://aur.archlinux.org/cgit/aur.git/tree/vlmcsd@.service?h=vlmcsd-git may be good as well.

[1] https://github.com/systemd/systemd/blob/v248/catalog/systemd.catalog.in#L469

@JimmyZ not is necessary since nobody user only belongs to nobody group

May I ask why Group=nobody is not specified?