[systemd-devel] systemd 211 journal getting created with different permissions
Greg KH
gregkh at linuxfoundation.org
Tue Mar 11 23:08:59 PDT 2014
On Tue, Mar 11, 2014 at 10:44:17PM -0700, Greg KH wrote:
> On Tue, Mar 11, 2014 at 09:41:50PM -0700, Greg KH wrote:
> > On Tue, Mar 11, 2014 at 08:38:58PM -0700, Greg KH wrote:
> > > On Wed, Mar 12, 2014 at 04:21:55AM +0200, Mantas Mikulėnas wrote:
> > > > On Wed, Mar 12, 2014 at 3:46 AM, Greg KH <gregkh at linuxfoundation.org> wrote:
> > > > > Hi all,
> > > > >
> > > > > With systemd 211, a new journal file is getting created with permissions
> > > > > of root:root instead of root:systemd-journal like previously (210 and
> > > > > prior).
> > > > >
> > > > > I looked at the git log and can't see anything obvious that would have
> > > > > caused this.
> > > > >
> > > > > Is this intentional? Or something on my end with my system's
> > > > > configuration?
> > > >
> > > > Normally the journal files just inherit the group of /var/log/journal,
> > > > which has the setgid bit (and the correct group) set by
> > > > /usr/lib/tmpfiles.d/systemd.conf.
> > >
> > > I thought so, and this worked on 210, and the permissions of
> > > /var/log/journal/ is correct:
> > >
> > > drwxr-sr-x 2 root systemd-journal 4096 Mar 12 01:36 0da484f8dee497fee9585ba9531fb7f1
> > >
> > > > If you ran `make install`, however, it would chown /var/log/journal to
> > > > 0:0 until the next time systemd-tmpfiles ran.
> > >
> > > This gets created by the ebuild (this is on CoreOs), and the 210 ebuild
> > > worked, so what is different here?
> >
> > Apologies, I can now reproduce this on systemd 210, so this isn't a 211
> > issue from what I can tell just yet, sorry for the noise.
>
> In looking at this further, the /usr/lib/tmpfiles.d/systemd.conf will
> not change the permissions on the journald file, only the directory:
> m /var/log/journal 2755 root systemd-journal - -
> m /var/log/journal/%m 2755 root systemd-journal - -
> m /run/log/journal 2755 root systemd-journal - -
> m /run/log/journal/%m 2755 root systemd-journal - -
>
> So what is supposed to set the permissions on the journal file(s) that
> live in /var/log/journal/%m/ ?
>
> Let me do a build with 207 and see how that handles this issue...
Ah, found it.
Commit 4608af4333d0f7f5f8e3bc632801b04ef07d246d is the issue.
We moved from handling the mode internally, in 207, to using the
tmpfiles.d infrastructure in 208. On systems that previously were
working on 207, if you upgrade, the permissions are set properly from
207.
But, for 208, this changed :(
So, what's the odds that file globbing works with tmpfile.d, time to
rebuild...
greg k-h
More information about the systemd-devel
mailing list