[Pkg-systemd-maintainers] Bug#717386: systemd-journal group does not exist

Josh Triplett josh at joshtriplett.org
Sat Jul 20 07:45:41 BST 2013


On Sat, Jul 20, 2013 at 08:36:34AM +0200, Sven Joachim wrote:
> On 2013-07-20 08:18 +0200, Josh Triplett wrote:
> > systemd-journald expects a group systemd-journal to exist:
> > [    7.667864] systemd-journald[326]: Failed to resolve 'systemd-journal' group: No such process
> 
> This is almost surely related to this upstream change:
> 
> ,----
> | CHANGES WITH 198:
> | 
> |         * The journal files are now owned by a new group
> |           "systemd-journal", which exists specifically to allow access
> |           to the journal, and nothing else. Previously, we used the
> |           "adm" group for that, which however possibly covers more
> |           than just journal/log file access. This new group is now
> |           already used by systemd-journal-gatewayd to ensure this
> |           daemon gets access to the journal files and as little else
> |           as possible. Note that "make install" will also set FS ACLs
> |           up for /var/log/journal to give "adm" and "wheel" read
> |           access to it, in addition to "systemd-journal" which owns
> |           the journal files. We recommend that packaging scripts also
> |           add read access to "adm" + "wheel" to /var/log/journal, and
> |           all existing/future journal files. To normal users and
> |           administrators little changes, however packagers need to
> |           ensure to create the "systemd-journal" system group at
> |           package installation time.
> `----

The note about adding read access for adm makes sense; that should
happen as part of the fix for 717388.

> > However, systemd does not create this group.
> 
> As a result, journalctl doesn't work:
> 
> ,----
> | $ journalctl                           
> | Hint: You are currently not seeing messages from other users and the system.
> |       Users in the 'systemd-journal' group can see all messages. Pass -q to
> |       turn off this notice.
> | No journal files were opened due to insufficient permissions.
> `----

Ideally, this message should be extensible to indicate that membership
in the "adm" group works as well, since that's the standard Debian group
to get access to log files.

- Josh Triplett
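
The layout the quoted changelog asks packagers to provide (the "systemd-journal" group, group ownership of /var/log/journal, and read ACLs for "adm" and "wheel") can be audited with a small script. This is an added example, not part of the original message and not systemd or Debian packaging code; the function name `check_journal_access`, the `sample_dir` files and their contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): audit the journal access
# layout the systemd 198 changelog describes. Inputs are text files, so it
# runs offline; on a live system pass /etc/group and the saved output of
# "getfacl -p /var/log/journal".

# check_journal_access GROUP_FILE ACL_FILE [READER_GROUP...]
# Prints one finding per line; returns 0 when nothing is missing.
check_journal_access() {
    cja_groups=$1 cja_acl=$2 cja_rc=0
    shift 2
    [ $# -gt 0 ] || set -- adm wheel   # groups named in the changelog

    # Without this group journald logs
    # "Failed to resolve 'systemd-journal' group".
    grep -q '^systemd-journal:' "$cja_groups" ||
        { echo "missing group: systemd-journal"; cja_rc=1; }

    # The journal directory must be group-owned by systemd-journal.
    grep -q '^# group: systemd-journal$' "$cja_acl" ||
        { echo "not group-owned by systemd-journal"; cja_rc=1; }

    # Each reader group needs r-x on the directory, as an access entry
    # (the directory itself) and as a default entry (inherited by files
    # and subdirectories created later).
    for cja_g in "$@"; do
        for cja_p in '' 'default:'; do
            grep -Eq "^${cja_p}group:${cja_g}:r.x" "$cja_acl" ||
                { echo "no read ACL: ${cja_p}group:${cja_g}"; cja_rc=1; }
        done
    done
    return "$cja_rc"
}

# Constructed sample input: a Debian-style system in the state the bug
# report describes (no systemd-journal group, no ACL entry for adm).
sample_dir=$(mktemp -d)
printf '%s\n' 'root:x:0:' 'adm:x:4:' > "$sample_dir/group"
printf '%s\n' '# file: /var/log/journal' '# owner: root' '# group: root' \
    'user::rwx' 'group::r-x' 'other::r-x' > "$sample_dir/acl"

check_journal_access "$sample_dir/group" "$sample_dir/acl" adm ||
    echo "journal access layout incomplete"
```

The check covers the directory only; existing journal files carry their own ACL entries, which the changelog also asks packagers to set.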



