[systemd-devel] [PATCH] Fix permissions on new journal files

Dave Reisner d at falconindy.com
Thu Mar 13 20:15:21 PDT 2014


On Fri, Mar 14, 2014 at 03:28:27AM +0100, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Mar 14, 2014 at 12:07:35AM +0000, Greg KH wrote:
> > When starting up journald on a new system, set the proper permissions on
> > the system.journal file, not only on the journal directory.
> > 
> > diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
> > index 7c6d6b9099b9..1aeb5e40f1ee 100644
> > --- a/tmpfiles.d/systemd.conf
> > +++ b/tmpfiles.d/systemd.conf
> > @@ -24,5 +24,7 @@ d /run/systemd/shutdown 0755 root root -
> >  
> >  m /var/log/journal 2755 root systemd-journal - -
> >  m /var/log/journal/%m 2755 root systemd-journal - -
> > +m /var/log/journal/%m/system.journal 2755 root systemd-journal - -
> >  m /run/log/journal 2755 root systemd-journal - -
> >  m /run/log/journal/%m 2755 root systemd-journal - -
> > +m /run/log/journal/%m/system.journal 2755 root systemd-journal - -
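Review bot: The two added "m" lines apply mode 2755, copied from the directory entries above them, to system.journal, which the commit message describes as a file. On a regular file that mode sets the setgid and execute bits and grants read access to "other", so the file would be readable by every local user rather than only by root and the systemd-journal group. Suggest a file mode without the execute and other bits (for example 0640 root systemd-journal). The commit message should also say why only system.journal is listed and not any other journal file in the same directory.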
> This is just a kludge... Why is system.journal to be treated differently?
> It seems that the proper fix is to set the mode on the directory properly
> during installation.

FWIW, this would also solve a problem with users who set
Storage=volatile in journald.conf. I'm not saying this is the correct
solution, but currently non-root users are unable to read from volatile
journals because the journal files are created as root:root before
tmpfiles runs.

