Bug#783651: users in adm group can't use journalctl if persistent journal isn't enabled
Raphaƫl Halimi
raphael.halimi at gmail.com
Tue Apr 28 19:36:37 BST 2015
Package: systemd
Version: 215-17
Severity: normal
The README.Debian for systemd instructs to set ACLs for /var/log/journal
to let users in "adm" group to read the persistent journal via
journalctl. This works well; but if the persistent journal isn't
enabled, users in "adm" group can't read the journal with journalctl:
$ getfacl /run/log/journal
# file: run/log/journal
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
other::r-x
$ getfacl /run/log/journal/3deacfa10d0c169adfdeb36c50522bd6/
# file: run/log/journal/3deacfa10d0c169adfdeb36c50522bd6/
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
other::---
systemd should set ACLs the same way as advertised for /var/log/journal
in README.Debian, so that members of the adm group should be able to use
journalctl even if persistent journal isn't enabled.
Additionally, I stumbled upon something else; I don't know if it's
expected behavior, or if it deserves a bug report, but if the persistent
journal is enabled, /run/log/journal is only readable by root, and not
the systemd-journal group. This causes no trouble, except a minor and
temporary inconsistency in case one disables the persistent journal by
deleting /var/log/journal and restarting systemd-journald; the right
permissions for /run/log/journal (group systemd-journal) wouldn't be
applied until next reboot.
Regards,
--
Raphaël Halimi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20150428/a7fec39a/attachment.sig>
More information about the Pkg-systemd-maintainers
mailing list