Bug#847448: systemd: wrong permissions on non-persistent /run/log/journal
Michael Biebl
biebl at debian.org
Thu Dec 8 11:47:33 GMT 2016
Control: tags -1 moreinfo unreproducible
Am 08.12.2016 um 11:31 schrieb Dennis Schridde:
> Package: systemd
> Version: 215-17+deb8u5
> Severity: important
>
> Dear Maintainer,
>
> I tried to run `sudo -u nobody -g systemd-journal journalctl --unit=some-system-unit.service`, but journalctl replied "No journal files were found.". If I change the group argument to "root", I can read the journal of that unit. I would expect that some non-root user could
> read the journal, though, in this case to run a script as non-root that is supposed to send part of the journal via email.
>
> The cause appears to be that /run/log/journal is owned by root:root instead of root:systemd-journal. There exists an older bug (bug #746279) where this was fixed in systemd 208-6, but the issue is back in systemd-215-17.
I can't reproduce the problem.
I've checked several jessie systems (with a volatile journal), some of
them on real hardware, some are VMs, all of them have
root:systemd-journal owned journal files.
This looks like something which is specific to your system.
Can you reproduce the reproduce the problem with a clean installation of
jessie? Do you have any custom configuration which might override the
default configuration?
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20161208/ec95d1d7/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list