On mw1299.eqiad.wmnet at least, as a member of the `wikidev` group I am unable to access `/var/log/mediawiki/jobrunner.log`, which is only available to `root:adm`:
```
$ ls -l /var/log/mediawiki/jobrunner.log
-rw-r----- 1 root adm 32241612 Sep 19 15:27 /var/log/mediawiki/jobrunner.log
```
The jobrunner service runs as `www-data` and `/var/log/mediawiki` is `drwxr-xr-x 2 www-data wikidev`.
Puppet has:
```
lang=ruby,name=modules/mediawiki/manifests/init.pp
# /var/log/mediawiki contains log files for the MediaWiki jobrunner
# and for various periodic jobs that are managed by cron.
file { '/var/log/mediawiki':
    ensure => directory,
    owner  => $::mediawiki::users::web,
    group  => 'wikidev',
    mode   => '0644',
}
```
The hosts have been switched from Trusty with upstart to Jessie with, I assume, systemd. In upstart we used to have the upstart service pass `--chuid` to start-stop-daemon, which came from `$::mediawiki::users::web`.
The systemd template uses the same Puppet variable, and on mw1299.eqiad.wmnet:
```
lang=ini,name=/lib/systemd/system/jobrunner.service
[Unit]
Description="Mediawiki job queue runner loop"
After=hhvm.service
[Service]
EnvironmentFile=/etc/default/jobrunner
User=www-data
Group=www-data
SyslogIdentifier=jobrunner
ExecStart=/usr/bin/php /srv/deployment/jobrunner/jobrunner/redisJobRunnerService --config-file=${JOBRUNNER_CONFIG} ${DAEMON_OPTS}
Restart=always
[Install]
WantedBy=multi-user.target
```
systemd does spawn the service as `www-data`.
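
The permission check behind the listing above, as an added example that is not part of the original report or of the Puppet code: it models the POSIX owner/group/other selection for the directory and file modes quoted on this page. The account names `alice` and `bob` are hypothetical, the parent directories above `/var/log/mediawiki` are assumed to be world-searchable, and ACLs and capabilities are not modelled.

```python
# Added example: POSIX read-access evaluation over constructed metadata.
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    path: str
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o640


def class_bits(node, user, groups):
    """Return the rwx triplet that applies to this caller.

    The first matching class wins (owner, then group, then other);
    there is no fall-through to a more permissive class.
    """
    if user == node.owner:
        return (node.mode >> 6) & 0o7
    if node.group in groups:
        return (node.mode >> 3) & 0o7
    return node.mode & 0o7


def can_read(chain, user, groups):
    """chain is the parent directories followed by the file.

    Reading needs search (x) on every directory and read (r) on the file.
    Returns (allowed, reason).
    """
    if user == "root":
        return True, "root bypasses mode bits"
    *dirs, target = chain
    for d in dirs:
        if not class_bits(d, user, groups) & 0o1:
            return False, f"no search (x) permission on {d.path}"
    if not class_bits(target, user, groups) & 0o4:
        return False, f"no read (r) permission on {target.path}"
    return True, "readable"


# Constructed from the ownership and modes quoted on this page.
LOG_DIR = Node("/var/log/mediawiki", "www-data", "wikidev", 0o755)
LOG_FILE = Node("/var/log/mediawiki/jobrunner.log", "root", "adm", 0o640)

if __name__ == "__main__":
    # alice and bob are hypothetical accounts used only for illustration.
    for user, groups in [("alice", {"wikidev"}), ("www-data", {"www-data"}), ("bob", {"adm"})]:
        print(user, sorted(groups), can_read([LOG_DIR, LOG_FILE], user, groups))
```
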