Bug#934284: journal sometimes with x-bit, sometimes without

Michael Biebl biebl at debian.org
Fri Aug 9 15:16:06 BST 2019


Control: tags -1 + moreinfo unreproducible

On 09.08.19 at 08:15, Marc Haber wrote:
> 
> I have not fully understood what happens here. I am monitoring my
> filesystems with aide, and sometimes get the following report:
> 
> ---------------------------------------------------
> Changed entries:
> ---------------------------------------------------
> 
> f   ...    . A.  : /run/log/journal/8f018d505adf4ecaad2720811a888b04/system.journal
> 
> ---------------------------------------------------
> Detailed information about changes:
> ---------------------------------------------------
> 
> File: /run/log/journal/8f018d505adf4ecaad2720811a888b04/system.journal
>   ACL      : A: user::rw-                     | A: user::rw-
>              A: group::r--                    | A: group::r-x   #effective:r--
>              A: group:adm:r--                 | A: group:adm:r-x        #effective:r--
>              A: mask::r--                     | A: mask::r--
>              A: other::---                    | A: other::---
> 
> This means that the system.journal has grown an x bit since the last
> aide run. This looks to me that the file gets created without the x bit,
> and then the x bit gets added at some later time.
> 
> Since the file is not executable, the X bit should not be set in the
> first place. If it's necessary for some magic, then it should be set
> from the beginning.
> 
> I am seeing this on more than just a few systems, also on buster and
> sid. I am reporting this from a stretch system just coincidentally, if
> you need information from a more modern system, please let me know.
> 
> Can you shed some light on this please?

I have never seen this behaviour myself on the multitude of systems I
run (laptop, servers, VM, containers) so I don't really have any idea.

What are the permissions/ACLs on

/run/log/journal/8f018d505adf4ecaad2720811a888b04/

Do you have any tmpfiles which reference files in /run/log?
Can you exclude that non-systemd components change the permissions?

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
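
An added example, not part of the original thread and not code from aide or systemd: it parses the ACL detail lines of the report quoted above and applies the POSIX ACL mask to each side, to show whether a nominal ACL change also changes effective access. The function names and the result layout are assumptions made for this illustration.

```python
import re

# ACL detail lines copied from the aide report quoted above (old | new).
REPORT = """\
  ACL      : A: user::rw-                     | A: user::rw-
             A: group::r--                    | A: group::r-x   #effective:r--
             A: group:adm:r--                 | A: group:adm:r-x        #effective:r--
             A: mask::r--                     | A: mask::r--
             A: other::---                    | A: other::---
"""

ENTRY = re.compile(r"A:\s*(user|group|mask|other):([^:]*):([r-][w-][x-])")

def parse_side(text):
    """Return {(tag, qualifier): perms} for one side of the report."""
    return {(m[1], m[2]): m[3] for m in ENTRY.finditer(text)}

def effective(acl):
    """Apply the mask: it caps named users, the owning group and named groups,
    but not the file owner (user::) or other::."""
    mask = acl.get(("mask", ""))
    out = {}
    for (tag, who), perms in acl.items():
        if tag == "mask":
            continue
        capped = mask is not None and (tag == "group" or (tag == "user" and who != ""))
        if capped:
            perms = "".join(p if m != "-" else "-" for p, m in zip(perms, mask))
        out[(tag, who)] = perms
    return out

def triage(report):
    """Map 'tag:qualifier' -> (nominal_changed, effective_changed)."""
    pairs = [line.split("|", 1) for line in report.splitlines() if "|" in line]
    old = parse_side("\n".join(left for left, _ in pairs))
    new = parse_side("\n".join(right for _, right in pairs))
    eff_old, eff_new = effective(old), effective(new)
    result = {}
    for key in sorted(set(eff_old) | set(eff_new)):
        nominal = old.get(key) != new.get(key)
        real = eff_old.get(key) != eff_new.get(key)
        result[f"{key[0]}:{key[1]}"] = (nominal, real)
    return result

if __name__ == "__main__":
    for entry, (nominal, real) in triage(REPORT).items():
        print(f"{entry:<10} nominal_change={nominal} effective_change={real}")
```

For the quoted report, the group and group:adm entries change nominally while their effective permissions stay r-- under the unchanged mask.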
