Bug#771980: systemd: /var/run/log/journal is not readable by the adm group

Felipe Sateler fsateler at debian.org
Thu Dec 4 13:00:14 GMT 2014


Hi,

On 4 Dec 2014 02:16, "Michael Biebl" <biebl at debian.org> wrote:
>
> On 04.12.2014 at 04:38, Felipe Sateler wrote:
> > Package: systemd
> > Version: 215-7
> > Severity: minor
> >
> > The tmpfiles snippets set the /run/log/journal directory owned to
> > root:systemd-journal, but it does not add a read acl for the adm group
> > as README.Debian suggests. I'm not sure tmpfiles can add ACLs, if so,
> > debian should probably add that ACL.
>
> Are you talking about /var/log/journal or /run/log/journal?
>
> Keep in mind that we don't create /var/log/journal in the package
> and if you do so, you should follow the instructions in the
> README.Debian to set the permissions/ACLs accordingly.

I'm sorry I was unclear. The instructions in README.Debian are
perfectly fine. The problem is when persistent logging is not enabled,
as /run/log/journal does not have the adm ACL set.

A jessie system by default will not have logs in `systemctl status`
and will require root for journalctl.

I do not understand the purpose of the systemd-journal group; if it
is safe to replace with adm everywhere I think that in Debian it
should be, as the adm group is the one for reading logs. That is
probably too intrusive for jessie, though.

>
> Once we ship /var/log/journal in the package, we'll also set the ACLs
> accordingly.
>
> I'm not quite sure what this bug report is about though and what we are
> supposed to "fix"?

I hope I was clearer this time.

-- 
Regards,
Felipe Sateler



