LogsDirectory vs. group adm
Felipe Sateler
fsateler at debian.org
Mon Apr 1 14:28:49 BST 2019
Hi,
On Mon, Apr 1, 2019 at 8:36 AM Thorsten Glaser <t.glaser at tarent.de> wrote:
> Hi again Felipe,
>
> > If you ship this, there is no need for a LogsDirectory= entry.
>
> But I probably do need to add it with ReadWritePaths if we use
> ProtectSystem=strict, correct?
>
Correct.
>
>
> https://salsa.debian.org/java-team/tomcat9/commit/5556481b345049f32720e20d22a072ebd9b865fa
Thanks for linking to the full file. I had not noticed that the unit used a
specific User. This means a root-owned /var/log/tomcat9 is not going to be
writable by tomcat. You should probably set it to tomcat9:adm, or add an
appropriate acl (tmpfiles can do it with a `a+` line).
Additionally, you might want to add `RequiresMountsFor=/var/log/tomcat9
/var/lib/tomcat9`, in case the admin has moved those dirs to a separate
mount.
--
Saludos,
Felipe Sateler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20190401/09e3d714/attachment.html>
More information about the Pkg-systemd-maintainers
mailing list