[systemd-devel] [PATCH] tmpfiles: Fix journal file permissions broken by a606871

Lennart Poettering lennart at poettering.net
Wed Jun 11 01:53:53 PDT 2014


On Mon, 09.06.14 20:05, Jan Alexander Steffens (heftig) (jan.steffens at gmail.com) wrote:

> They shouldn't be executable nor world-readable.

I have now committed a different set of patches to clean this up for
good:

I have made "m" a true alias of "z" since it was pretty much a
non-globbing version of "z", and hence redundant. I have also removed
"m" from the docs, so that people use only "z" from now on.

I have also introduced a new syntax for access modes: if the access mode
is prefixed with "~" it will be masked by the executability,
readability, and writability of the existing node. Also, the
suid/sgid/sticky bits will be masked if the existing node is a
directory. This makes "Z" a lot more useful, for recursively applying
access modes.

Then, I have changed journald to always create /run/log/journal/%m as
0750 (i.e. dropped world-readability), so that unprivileged processes
don't even get access to the dir at all. /var/log/journal/%m keeps the
0755 however, since on /var we do the per-user ACL magic, and hence
unprivileged users need read access to the dir after all...

I have also downgraded the Z to z for /var/log/journal/%m, since that
might get expensive, since there might be a lot of files in there. Also,
given that we never write to the dir before tmpfiles ran (and thus the
sgid bit was set) it appears unnecessary to recursively adjust the
mode/user/group of all files in the dir. This is different for
/run/log/journal/%m of course, since that is volatile, and we start
writing to it very early on.

This should settle all the confusion and chaos around the handling of
the journal files in tmpfiles. Please test if everything works correctly
now!

Anyway, thanks for the patch!

Lennart

-- 
Lennart Poettering, Red Hat
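
The "~" mode prefix described in the message above, worked through as an added example (not systemd's code and not part of the original message). It follows the behaviour documented in tmpfiles.d(5), under which setuid/setgid/sticky bits are kept only on directories; the function name, the sample paths and the requested mode ~2750 are constructed for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

/* Effective mode for a "~"-prefixed tmpfiles.d mode, per tmpfiles.d(5):
 * a permission class (r, w or x) that is unset in every position of the
 * existing mode is dropped from the requested mode as well.
 * masked_mode() is a hypothetical helper name, not a systemd function. */
mode_t masked_mode(mode_t requested, mode_t existing, int is_dir) {
    mode_t m = requested & 07777;

    if (!(existing & 0111))
        m &= ~(mode_t)0111;   /* nobody could execute it: stays non-executable */
    if (!(existing & 0222))
        m &= ~(mode_t)0222;   /* read-only for everyone: stays read-only */
    if (!(existing & 0444))
        m &= ~(mode_t)0444;   /* unreadable for everyone: stays unreadable */
    if (!is_dir)
        m &= ~(mode_t)07000;  /* setuid/setgid/sticky survive only on directories */
    return m;
}

/* Constructed sample tree: the nodes a recursive "Z" line would visit. */
struct node { const char *path; mode_t existing; int is_dir; };

int main(void) {
    const struct node tree[] = {
        { "logs/",               0755, 1 },
        { "logs/system.journal", 0644, 0 },
        { "logs/rotate.sh",      0755, 0 },
        { "logs/sealed.key",     0400, 0 },
    };
    const mode_t requested = 02750;   /* as if the line said "~2750" */

    for (size_t i = 0; i < sizeof tree / sizeof tree[0]; i++)
        printf("%-22s %04o -> %04o\n", tree[i].path,
               (unsigned)tree[i].existing,
               (unsigned)masked_mode(requested, tree[i].existing, tree[i].is_dir));
    return 0;
}
```

Without the "~", the same recursive line would set 2750 on every node, making the data files executable and setgid.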
