[Pkg-systemd-maintainers] Bug#724668: Bug#724668: Bug#724668: Please add systemd-journal group by default
Guido Günther
agx at sigxcpu.org
Thu Sep 26 21:00:32 BST 2013
On Thu, Sep 26, 2013 at 07:03:42PM +0200, Michael Biebl wrote:
> Am 26.09.2013 18:13, schrieb Guido Günther:
> > See my other reply. Upstream actually does both: allow for adm _and_
> > systemd-journal via ACLs to have a minimal read only user you can assign
> > to e.g. daemons that should be allowed to read system journal but
> > nothing else. It's somewhat similar to what we did with the libvirt-qemu
> > user and the kvm user.
>
> Minor correction here:
> The primary group (let's use systemd-journal for now) is used by
> systemd-journald to chgrp the files, like
>
> -rw-r----- 1 root systemd-journal 27230208 Sep 26 18:57 system.journal
>
> I.e., it also works on file systems which don't have ACL support
> enabled. Read-access for group adm is done by running
>
> setfacl -nm g:adm:rx,d:g:adm:rx $(DESTDIR)/var/log/journal/
>
>
> on make install.
> Fwiw, we don't enable persistent logging atm, and read-access via
> systemd-journal group or via ACL is only applicable for persistent logs.
Hmm...I've never changed anything and do have persistent logging back to
2012.
Cheers,
-- Guido
More information about the Pkg-systemd-maintainers
mailing list