[systemd-devel] [PATCH] journald: Make the group that owns journal files configurable

[Lennart Poettering]

On Thu, 07.03.13 16:41, Gergely Nagy (algernon at balabit.hu) wrote:

> While a separate group to own the journal files is desirable, which
> group it is should be tweakable (to the point where it can be set to
> an existing group, like adm, for systems where that makes sense).
> 
> To this end, this patch introduces a --with-journal-group=GROUP option
> to configure, and uses the supplied value (or systemd-journal, if none
> specified) as the dedicated group.

I don't think this is really desirable. This group is something external
packages should be able to make use of and rely on, and it would be
suboptimal if you'd have to configure this group everywhere manually.

I mean, can you make a really good case why this should be configurable?
Configurability just for configurability's sake doesn't appeal to me...

Note that your patch already ran into one instance of the problem of
making this configureable: systemd-journal-gatewayd.service refers to
this group in SupplementaryGroups= in order to get access to the journal
files, which your patch didn't update. So, you see, it already made
BOOM! once to have this configurable, because it was too hard to keep
things in sync.

So, I am very conservative on making this configurable, but hey, I can
be convinced, so can you make a really good case for this?

Otherwise this appears to be something to configure downstream by
patching, rather then upstream via a configure switch.

Hope that makes some sense,

Lennart

-- 
Lennart Poettering - Red Hat, Inc.