[systemd-devel] [PATCH] tmpfiles: Fix journal file permissions broken by a606871
Greg KH
gregkh at linuxfoundation.org
Wed Jun 11 08:30:33 PDT 2014
On Wed, Jun 11, 2014 at 10:53:53AM +0200, Lennart Poettering wrote:
> On Mon, 09.06.14 20:05, Jan Alexander Steffens (heftig) (jan.steffens at gmail.com) wrote:
>
> > They shouldn't be executable nor world-readable.
>
> I have now committed a different set of patches to clean this up for
> good:
>
> I have made "m" a true alias of "z" since it was pretty much a
> non-globbing version of "z", and hence redundant. I have also removed
> "m" from the docs, so that people use only "z" from now on.
>
> I have also introduced a new syntax for access modes: if the access mode
> is prefixed with "~" it will be masked by the executability,
> readability, and writability of the existing node. Also, the
> suid/sgid/sticky bits will be masked if the existing node is a
> directory. This makes "Z" a lot more useful, for recursively applying
> access modes.
>
> Then, I have changed journald to always create /run/log/journal/%m as
> 0750 (i.e. dropped world-readability), so that unprivileged processes
> don't even get access to the dir at all. /var/log/journal/%m keeps the
> 0755 however, since on /var we do the per-user ACL magic, and hence
> unprivileged users need read access to the dir after all...
>
> I have also downgraded the Z to z for /var/log/journal/%m, since that
> might get expensive, since there might be a lot of files in there. Also,
> given that we never write to the dir before tmpfiles ran (and thus the
> sgid bit was set) it appears unnecessary to recursively adjust the
> mode/user/group of all files in the dir. This is different for
> /run/log/journal/%m of course, since that is volatile, and we start
> writing to it very early on.
>
> This should settle all the confusion and chaos around the handling of
> the journal files in tmpfiles. Please test if everything works correctly
> now!
Nice, that sounds like a much better change. I'll test this all out
soon to make sure a "first boot on a clean system" works properly.
thanks,
greg k-h