Bug#800947: ACL for /var/log/journal not set for group adm

Michael Biebl biebl at debian.org
Mon Oct 5 12:12:06 BST 2015


Am 05.10.2015 um 13:08 schrieb Raphaël Halimi:
> Le 05/10/2015 12:30, Michael Biebl a écrit :
>> But the subdirectories of /var/log/journal have the correct ACL set, right?
> 
> Yes, you're right, I just noticed it; but using journalctl as a user
> won't display system messages (only user messages), which is not the
> expected behavior of adding a user in the "adm" group (pre-systemd).
> 
> Maybe it's because the system.journal file doesn't have the ACL set ?
> 
> raph at arche:~$ getfacl -R /var/log/journal/
> getfacl : suppression du premier « / » des noms de chemins absolus
> # file: var/log/journal/
> # owner: root
> # group: systemd-journal
> # flags: -s-
> user::rwx
> group::r-x
> other::r-x
> 
> # file: var/log/journal//3deacfa10d0c169adfdeb36c50522bd6
> # owner: root
> # group: systemd-journal
> # flags: -s-
> user::rwx
> group::r-x
> group:adm:r-x
> mask::r-x
> other::r-x
> default:user::rwx
> default:group::r-x
> default:group:adm:r-x
> default:mask::r-x
> default:other::r-x
> 
> # file: var/log/journal//3deacfa10d0c169adfdeb36c50522bd6/user-1000.journal
> # owner: root
> # group: root
> user::rw-
> user:raph:r--
> group::r--
> mask::r--
> other::---
> 
> # file: var/log/journal//3deacfa10d0c169adfdeb36c50522bd6/system.journal
> # owner: root
> # group: root
> user::rw-
> group::r--
> other::---
> 
> I admit I don't know ACLs very well, but aren't the "default:..." lines
> supposed to mean that the files under there should have these
> permissions too ?

See
https://github.com/systemd/systemd/commit/8b258a645ae63dff3ab8dde6520d2e770e2a40f1

Apparently this was an intended change.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20151005/dee38cf2/attachment-0002.sig>


More information about the Pkg-systemd-maintainers mailing list