Bug#800947: ACL for /var/log/journal not set for group adm
Raphaël Halimi
raphael.halimi at gmail.com
Mon Oct 5 12:08:31 BST 2015
Le 05/10/2015 12:30, Michael Biebl a écrit :
> But the subdirectories of /var/log/journal have the correct ACL set, right?
Yes, you're right, I just noticed it; but using journalctl as a user
won't display system messages (only user messages), which is not the
expected behavior of adding a user in the "adm" group (pre-systemd).
Maybe it's because the system.journal file doesn't have the ACL set ?
raph at arche:~$ getfacl -R /var/log/journal/
getfacl : suppression du premier « / » des noms de chemins absolus
# file: var/log/journal/
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
other::r-x
# file: var/log/journal//3deacfa10d0c169adfdeb36c50522bd6
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
group:adm:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:adm:r-x
default:mask::r-x
default:other::r-x
# file: var/log/journal//3deacfa10d0c169adfdeb36c50522bd6/user-1000.journal
# owner: root
# group: root
user::rw-
user:raph:r--
group::r--
mask::r--
other::---
# file: var/log/journal//3deacfa10d0c169adfdeb36c50522bd6/system.journal
# owner: root
# group: root
user::rw-
group::r--
other::---
I admit I don't know ACLs very well, but aren't the "default:..." lines
supposed to mean that the files under there should have these
permissions too ?
Regards,
--
Raphaël Halimi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20151005/ccf51cd1/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list