[systemd-devel] [ANNOUNCE] systemd v39

Kay Sievers kay.sievers at vrfy.org
Wed Jan 25 04:22:44 PST 2012


On Wed, Jan 25, 2012 at 12:59, Michael Biebl <mbiebl at gmail.com> wrote:
> On 25 January 2012 at 12:00, Kay Sievers <kay.sievers at vrfy.org> wrote:
>> On Wed, Jan 25, 2012 at 11:11, Jan Engelhardt <jengelh at medozas.de> wrote:
>>> On Wednesday 2012-01-25 02:02, Lennart Poettering wrote:
>>
>>>>[v39]
>>>>* If a group "adm" exists, journal files are automatically
>>>>  owned by them
>>>
>>> This sounds like it has the potential that journal files suddenly
>>> become writable by a random user group that has existed previously.
>>
>> The group 'adm' isn't random, is it? It's pretty commonly used for
>> 'system monitoring' users.
>
> In Debian (and derivatives) group "adm" is shipped by the base-passwd
> package, so guaranteed to exist. The relevant documentation reads:
>
> adm
>
>    Group adm is used for system monitoring tasks. Members of this group can
>    read many log files in /var/log, and can use xconsole.
>
>    Historically, /var/log was /usr/adm (and later /var/adm), thus the name of
>    the group.
>
> The log files in /var/log that are created by the syslog daemon, are
> owned by group adm.

That sounds all pretty sane to me, and like something distros should
adopt, if they haven't already.

We did this kind of harmonisation with the udev system groups a few
years back already, and I think just adopting 'adm' makes the most
sense here. Distros who don't want that can patch the sources as
needed.

We should always provide some common default, one that makes the
intention clear to have some sort of "Linux distro default". And any
sensible common pattern that is already in use, we should just adopt.

I don't think caring too much about cases where someone might have put
all the people he did not trust in the group 'adm', is really needed
here. :)

Kay
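
An added example, not part of the original thread and not systemd code: a check an administrator could run before upgrading to see which accounts belong to 'adm' and would therefore get group access to journal files. The function name `group_members` and the sample databases are constructed for illustration.

```shell
#!/bin/sh
# group_members GROUP [GROUP_FILE] [PASSWD_FILE]
# Prints every account in GROUP, one per line: supplementary members
# (field 4 of the group line) plus accounts whose primary GID (field 4 of
# the passwd line) is the group's GID. Returns 1 if the group is absent.
# Reads flat files only; accounts from LDAP/NSS sources are not seen.
group_members() {
    grp=$1
    group_file=${2:-/etc/group}
    passwd_file=${3:-/etc/passwd}
    # Group line format: name:password:GID:member1,member2
    line=$(awk -F: -v g="$grp" '$1 == g { print; exit }' "$group_file")
    [ -n "$line" ] || return 1
    gid=$(printf '%s\n' "$line" | cut -d: -f3)
    {
        printf '%s\n' "$line" | cut -d: -f4 | tr ',' '\n'
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sed '/^$/d' | sort -u
}

# Constructed sample databases (not taken from a real system).
demo=$(mktemp -d)
cat > "$demo/group" <<'EOF'
root:x:0:
adm:x:4:alice,monitor
users:x:100:bob
EOF
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:100::/home/alice:/bin/sh
bob:x:1001:100::/home/bob:/bin/sh
legacy:x:1002:4::/home/legacy:/bin/sh
EOF

echo "Accounts in group adm (would gain group access to journal files):"
group_members adm "$demo/group" "$demo/passwd"
rm -rf "$demo"
```

The account `legacy` in the sample appears only through its primary GID, which a look at the group line alone would miss.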

