Bug#920035: Logs in /run/log/journal not readable by group adm
Dato
dato at debian.org
Mon Jan 21 19:34:43 GMT 2019
Package: systemd
Version: 240-4
I recently lost the ability to read the logs of my user services
with journalctl --user-unit or, well, systemctl --user status.
At first I thought it was #843310 ("user service logs are not
available to normal users unless persistent Storage is used") and,
sure enough, moving to persistent storage fixed the issue.
However, I couldn't understand why this would be working before. I
don't think I had ever enabled persistent storage, but even if I
had, then /var/log/journal would have to have disappeared in order
for volatile storage to come back.
Anyway.
I finally realized that, with persistent storage, I could read the
whole journal as my user (not only my services). But that's
because I'm in the adm group too.
So perhaps /run/log/journal used to be readable by adm, but no
longer is? That would explain why it worked for me *before* (I was
able to read my logs not because of my UID, but because of having
the adm GID).
Alas, 843310 says:
> the files in /run/log/journal are owned root:systemd-journal,
> and only have an acl permitting group reading by group "adm".
In my case, not even the former is true:
$ sudo ls -ld /run/log/journal{,/ef...}
drwxr-xr-x 3 root root 60 Jan 21 16:24 /run/log/journal
drwxr-x--- 2 root root 60 Jan 21 16:24 /run/log/journal/ef...
It would be great to see group ownership and ACLs fixed for
/run/log/journal, so that this works again.
Many thanks for considering,
-d
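
The permission reasoning in the report above can be checked mechanically. This is an added example, not part of the original message or of systemd: it parses `ls -ld` lines and applies the classic owner/group/other check for a given user. The user name `alice`, the function names, and the third sample line are assumptions made for illustration.

```python
import re

# Lines 1-2 are the `ls -ld` output quoted in the report. Line 3 is a
# constructed sample of the layout #843310 describes (group
# systemd-journal plus an ACL, which ls marks with a trailing "+").
SAMPLE = """\
drwxr-xr-x 3 root root 60 Jan 21 16:24 /run/log/journal
drwxr-x--- 2 root root 60 Jan 21 16:24 /run/log/journal/ef...
drwxr-x---+ 2 root systemd-journal 60 Jan 21 16:24 /run/log/journal/constructed
"""

LS_RE = re.compile(
    r"^[-dl]([rwxsStT-]{9})(\+?)\s+\d+\s+(\S+)\s+(\S+)\s+.*\s(\S+)$")

def parse_ls_line(line):
    """Split one `ls -ld` line into mode bits, ACL marker, owner, group, path."""
    m = LS_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an ls -l line: {line!r}")
    perms, acl, owner, group, path = m.groups()
    return {"path": path, "perms": perms, "acl": bool(acl),
            "owner": owner, "group": group}

def can_list(entry, user, groups):
    """Can `user` (member of `groups`) read and search this directory?

    Returns "yes" or "no" from the mode bits, or "acl" when the entry
    carries an ACL and the user is not the owner: with an ACL the group
    bits shown by ls are only the mask, so ls output cannot decide."""
    p = entry["perms"]
    if user == entry["owner"]:
        triplet = p[0:3]
    elif entry["acl"]:
        return "acl"
    elif entry["group"] in groups:
        triplet = p[3:6]
    else:
        triplet = p[6:9]
    return "yes" if triplet[0] == "r" and triplet[2] in "xst" else "no"

def audit(text, user, groups):
    """Map each path in the ls output to the verdict for this user."""
    entries = [parse_ls_line(l) for l in text.splitlines() if l.strip()]
    return {e["path"]: can_list(e, user, groups) for e in entries}

if __name__ == "__main__":
    # "alice" is a hypothetical unprivileged user who is in group adm.
    for path, verdict in audit(SAMPLE, "alice", {"alice", "adm"}).items():
        print(f"{verdict:4} {path}")
```

A verdict of `acl` means the mode bits alone cannot answer the question; `getfacl` on that path shows the actual entries.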