Bug#755062: systemd: Syslog (contents that journalctl shows) stopped working after upgrading from 204-14 to 208-6

Axel Beckert abe at debian.org
Thu Jul 17 23:34:49 BST 2014


Control: severity -1 normal
Control: retitle -1 systemd: journalctl stopped working for unprivileged users (wrong permissions) after upgrading from 204-14 to 208-6

Hi Michael,

Michael Biebl wrote:
> > Michael Biebl wrote:
> >> Do you use persistent logging (i.e. do you have a /var/log/journal
> >> directory) or do you use volatile logging?
> > 
> > AFAIK volatile logging. Otherwise I'd have an real syslog daemon
> > installed. /var/log/journal does not exist.
> > 
> >> What are the permissions of of the journal directory and the files
> >> therein (either /var/log/journal or /run/log/journal)?
> > 
> > $ ls -lR /run/log/journal
> > /run/log/journal:
> > total 0
> > drwxr-xr-x 2 root root 140 Jul 17 04:49 492db8f3b777b11e00f22f1853442bf7/
> > 
> > /run/log/journal/492db8f3b777b11e00f22f1853442bf7:
> > total 69404
> > -rw-r----- 1 root root             8388608 Jul 17 23:32 system.journal
> > -rw-r----- 1 root systemd-journal 14618624 Jul  1 13:24 system at 00f9271567a145869260b64961e15f3f-0000000000000001-0004fc8358668c0b.journal
> > -rw-r----- 1 root systemd-journal 16502784 Jul  5 02:01 system at 00f9271567a145869260b64961e15f3f-0000000000004a8c-0004fd2003dd7bb2.journal
> > -rw-r----- 1 root systemd-journal 14782464 Jul 10 13:54 system at 00f9271567a145869260b64961e15f3f-000000000000a0ff-0004fd66f2b4c138.journal
> > -rw-r----- 1 root systemd-journal 16777216 Jul 17 04:48 system at 00f9271567a145869260b64961e15f3f-000000000000f40d-0004fdd57c902758.journal
> 
> That system.journal is root:root owned is a bit strange. Are you running
> journalctl as root or (unprivileged) user?

As unprivileged user.

> Apparently this file is still changed, looking at the date "Jul 17 23:32
> system.journal".

Indeed. And "journalctl -f" works fine as root. No idea why these
permissions changed with the upgrade.

> If you run "sudo journalctl -f" and logger foo, do you see this message
> show up in the journal or not?

Well, not using sudo (why does everybody insist on using sudo even
though it's not even installed by default?), but executing journalctl
as root, journalctl yields the expected data.

I'm hence lowering the severity further as the data is obviously not
lost. Also retitling according to the findings.

> Is this maybe a VM where you could snapshot the current state

No, it's a laptop with root on an LV on an encrypted VG/PV on SSD.
(Which is the reason why I only want volatile logs there.

> to check if a reboot does fix the issue?

Will check anyway. Since we now know what made the user no more being
able to access the log, the only issue left is finding the cause for
the permission change.

> Btw., I'll be away for the next couple of days. I hope someone else from
> the team can further assist with debugging this issue.

No more hurry from my side as the issue is clearly less severe than I
feared. Thanks for the assistance so far!

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5




More information about the Pkg-systemd-maintainers mailing list