Bug#800947: ACL for /var/log/journal not set for group adm

Felipe Sateler fsateler at debian.org
Mon Oct 5 16:50:35 BST 2015


On 5 October 2015 at 12:37, Michael Biebl <biebl at debian.org> wrote:
> On 05.10.2015 at 17:35, Felipe Sateler wrote:
>> On 5 October 2015 at 12:20, Michael Biebl <biebl at debian.org> wrote:
>>> But, when using Storage=persistent, journald will create the directory
>>> /var/log/journal/ itself. So this won't help in that case, unless
>>> systemd-journald re-added the code to apply ACLs itself.
>>
>> That would be a bug in (upstream) systemd, I think. Journald appears
>> to set the ACL on new files but not on the /v/l/j directory.
>
> Are you sure? I thought systemd-journald removed that code and relies on
> the file system to set them.

It appears you are correct. I missed the `if (uid <= SYSTEM_UID_MAX)`
check, which makes sure journald will only set the ACL for regular users
(and thus, not the adm user), so the adm ACL must be ensured by the
filesystem.


-- 

Regards,
Felipe Sateler
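
A check for the condition discussed in this thread, as an added example that is not part of the original message or of systemd: it classifies `getfacl` output for the journal directory, covering a missing access entry, a missing default (inherited) entry, and an entry cancelled by the ACL mask. The function name, the sample inputs and the expected `group:adm:r-x` permissions are assumptions; the thread does not state the exact entry.

```shell
#!/bin/sh
# Added example (not systemd code): classify getfacl output for a journal dir.
# Assumption: the wanted entries are group:adm:r-x as access AND default ACL.
# Real use: getfacl -p /var/log/journal | adm_acl_status
adm_acl_status() {
    awk -F: '
        # An entry is effective only if entry and mask both grant r and x.
        function rx(p, m) { return (p ~ /^r.x/) && (m == "" || m ~ /^r.x/) }
        { sub(/[ \t]*#.*/, "") }      # drop headers and "#effective:" notes
        $1 == "group" && $2 == "adm"  { acc = $3 }
        $1 == "mask"  && $2 == ""     { amask = $3 }
        $1 == "default" && $2 == "group" && $3 == "adm" { def = $4 }
        $1 == "default" && $2 == "mask"  && $3 == ""    { dmask = $4 }
        END {
            if (acc == "")            print "access-missing"
            else if (!rx(acc, amask)) print "access-ineffective"
            else if (def == "")       print "default-missing"
            else if (!rx(def, dmask)) print "default-ineffective"
            else                      print "ok"
        }'
}

# Constructed samples (not captured from a real system).
sample_ok() {
    printf '%s\n' '# file: /var/log/journal' 'user::rwx' 'group::r-x' \
        'group:adm:r-x' 'mask::r-x' 'other::r-x' 'default:user::rwx' \
        'default:group::r-x' 'default:group:adm:r-x' 'default:mask::r-x' \
        'default:other::r-x'
}
# Directory created without a default ACL: new files inherit no adm entry.
sample_no_default() {
    printf '%s\n' 'user::rwx' 'group::r-x' 'group:adm:r-x' 'mask::r-x' 'other::r-x'
}
# Entry present but cancelled by the mask (e.g. after a chmod g-rx).
sample_masked() {
    printf '%s\n' 'user::rwx' 'group::r-x  #effective:---' \
        'group:adm:r-x  #effective:---' 'mask::---' 'other::---'
}

for s in sample_ok sample_no_default sample_masked; do
    printf '%s: %s\n' "$s" "$("$s" | adm_acl_status)"
done
```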




More information about the Pkg-systemd-maintainers mailing list