[Pkg-systemd-maintainers] Bug#724668: Bug#724668: Bug#724668: Please add systemd-journal group by default
Michael Biebl
biebl at debian.org
Thu Sep 26 18:03:42 BST 2013
Am 26.09.2013 18:13, schrieb Guido Günther:
> See my other reply. Upstream actually does both: allow for adm _and_
> systemd-journal via ACLs to have a minimal read only user you can assign
> to e.g. daemons that should be allowed to read system journal but
> nothing else. It's somewhat similar to what we did with the libvirt-qemu
> user and the kvm user.
Minor correction here:
The primary group (let's use systemd-journal for now) is used by
systemd-journald to chgrp the files, like
-rw-r----- 1 root systemd-journal 27230208 Sep 26 18:57 system.journal
I.e., it also works on file systems which don't have ACL support
enabled. Read-access for group adm is done by running
setfacl -nm g:adm:rx,d:g:adm:rx $(DESTDIR)/var/log/journal/
on make install.
Fwiw, we don't enable persistent logging atm, and read-access via
systemd-journal group or via ACL is only applicable for persistent logs.
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20130926/64f7387c/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list