Bug#791897: systemd: incorrect x bit for group on .journal log files after setting Storage=persistent

Michael Biebl biebl at debian.org
Thu Jul 9 12:37:58 BST 2015 

Am 09.07.2015 um 12:43 schrieb Vincent Lefevre:
> Package: systemd
> Version: 222-1
> Severity: normal
> 
> The .journal files under /var/log/journal/*/ have an incorrect x bit
> for the group:
> 
> -rw-r-x---+ 1 root root            50331648 2015-07-09 12:25:09 system.journal
> -rw-r-x---+ 1 root systemd-journal 16777216 2015-07-09 11:27:15 user-1000.journal
> 
> According to Christian Seiler's message
> 
>   https://lists.debian.org/debian-user/2015/07/msg00359.html
> 
> the cause is the following lines in /usr/lib/tmpfiles.d/systemd.conf:
> 
> a+ /var/log/journal/%m - - - - d:group:adm:r-x
> A+ /var/log/journal/%m - - - - group:adm:r-x
> 
> Christian said:
> 
> "Ok, that's it: a+/A+ is new in systemd in unstable (don't remember when
> exactly it was introduced, but 215 from Jessie doesn't have it), and
> that is used to set ACLs.
> 
> So what happend is the following:
> 
>  - journald created these files after you initially set
>    Storage=persistent, but without ACLs (and thus no ACL mask)
> 
>  - the tmpfiles.d snippet was executed after that (probably at the next
>    boot)
> 
>  - A+ is recursive and adds ACL entries (in this case for the adm
>    group)
> 
>  - but since the files didn't have an ACL mask yet, it was
>    automatically created, leaving the mask with an x bit
>    (because the adm-ACL for group was added with x)
> 
> [...]
> 
> That said, I think it would be justified to open a bug report about the
> current behavior (even if after removing the bit once it doesn't occur
> anymore), and the solution would be to have tmpfiles.d provide an
> option to set ACLs without recalculating a mask (equivalent to what
> setfacl -n does), and change the tmpfiles.d snippet to make use of
> that."

That sounds like an upstream change.

> Note: since Jessie is not affected, I suppose that this will affect
> Jessie users in the next upgrade if nothing is done to fix the problem.
> 
> systemd should ensure that:
>   * The x bit is no longer added in the future.
>   * If the x bit was set due to this bug, it should be removed
>     automatically.

Please consider filing this upstream.

Thanks,
Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20150709/349bea27/attachment-0002.sig>

More information about the Pkg-systemd-maintainers mailing list