When attempting to read system logs via journalctl on CentOS 7 as a regular user, you'll encounter:
No journal files were found.
This occurs because by default, journal files in /run/log/journal/ are owned by the systemd-journal group with 0640 permissions.
Instead of using sudo, add your user to the systemd-journal group:
sudo usermod -aG systemd-journal $USER
After adding the group membership, either:
newgrp systemd-journal
Or simply log out and back in for the changes to take effect.
Check your current group memberships with:
groups
You should see systemd-journal in the output. Now try:
journalctl -n 50
This should display the last 50 log entries without requiring root privileges.
For permanent access across reboots, ensure journal persistence is enabled:
sudo mkdir -p /var/log/journal
sudo systemctl restart systemd-journald
Verify storage is persistent:
journalctl --list-boots
Once configured, you can use all normal journalctl flags as a regular user:
# Filter by service
journalctl -u nginx
# Follow logs in real-time
journalctl -f
# Show logs from last hour
journalctl --since "1 hour ago"
# Combine filters
journalctl -u postgresql --since "today" --until "1 hour ago"
If issues persist after group assignment:
# Verify journal directory permissions
ls -ld /var/log/journal
# Check active group membership
id -nG
# Validate journal files exist
sudo journalctl --disk-usage
# Force journal rotation if needed
sudo journalctl --rotate
When attempting to run journalctl as a regular user on CentOS 7, you'll encounter the frustrating message:
No journal files were found.
This occurs because by default, journal files (stored in /run/log/journal/) are only readable by root and members of specific system groups.
The most secure and maintainable approach is to add your user to the systemd-journal group:
sudo usermod -a -G systemd-journal $USER
After running this command, you'll need to either:
- Log out and log back in
- Run
newgrp systemd-journalin your current session
To confirm your user has been properly added to the group:
groups $USER
id $USER
You should see systemd-journal in the output.
For temporary access or special cases, you can modify the journal directory permissions:
sudo chmod -R g+rx /run/log/journal/
sudo chgrp -R systemd-journal /run/log/journal/
However, this approach isn't recommended for production systems as it might not persist across reboots.
To make these changes persistent across reboots, modify the journald configuration:
sudo vim /etc/systemd/journald.conf
Add or uncomment these lines:
Storage=persistent
ForwardToSyslog=no
Then restart the journald service:
sudo systemctl restart systemd-journald
After implementing any of these solutions, test with:
journalctl -b
journalctl -u nginx.service
You should now be able to view logs without sudo or root access.
- If changes don't take effect immediately, restart your terminal session
- Verify journal files exist in
/run/log/journal/ - Check SELinux context if you're still having issues:
ls -Z /run/log/journal/