1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 23:21:22 +03:00
Commit Graph

9 Commits

Author SHA1 Message Date
lewo
15fcdc98cf tmpfiles.d: set primary group rights to r-w (#5265)
If the /var/log/journal directory is created with rigths 700, the application
of an ACL rules without any primary group right sets it to 0. A chmod 755 on
this file will then only set the ACL mask and let the ACL primary group right
to 0. The directory is then unreadable for the primary group.

This patch explicitly sets the primary group to avoid this problem.

Fixes #5264.
2017-02-07 18:56:55 -05:00
Franck Bui
d428dd6ac9 tmpfiles: don't set the x bit for volatile system journal when ACL support is enabled (#3079)
When ACL support is enabled, systemd-tmpfiles-setup service sets the following
ACL entries to the volatile system journal:

   $ getfacl /run/log/journal/*/system.journal
   getfacl: Removing leading '/' from absolute path names
   # file: run/log/journal/xxx/system.journal
   # owner: root
   # group: systemd-journal
   user::rwx
   group::r--
   group🛞r-x
   group:adm:r-x
   mask::r-x
   other::---

This patch makes sure that the exec bit is not set anymore for the volatile
system journals.
2016-05-03 19:29:11 -04:00
Franck Bui
7178cd76f2 build-sys: allow references to adm group to be omitted (#3150) 2016-05-01 00:02:17 -04:00
Zbigniew Jędrzejewski-Szmek
2a998ffa1e build-sys: allow references to wheel group to be omitted
https://github.com/systemd/systemd/issues/2492
2016-02-17 23:47:23 -05:00
Zbigniew Jędrzejewski-Szmek
afae249efa tmpfiles: set acls on system.journal explicitly
https://github.com/systemd/systemd/issues/1397
2015-11-29 23:38:09 -05:00
Zbigniew Jędrzejewski-Szmek
57d5b3130c tmpfiles: also set acls on /var/log/journal
This way, directories created later for containers or for
journald-remote, will be readable by adm & wheel groups by default,
similarly to /var/log/journal/%m itself.

https://github.com/systemd/systemd/issues/1971
2015-11-29 18:37:01 -05:00
Lennart Poettering
8b258a645a tmpfiles: don't recursively descend into journal directories in /var
Do so only in /run. We shouldn't alter ACLs for existing files in /var,
but only for new files. If the admin made changes to the ACLs they
shouls stay in place.

We should still do recursive ACL changes for files in /run, since those
are not persistent, and will hence lack ACLs on every boot.

Also, /var/log/journal might be quit large, /run/log/journal is usually
not, hence we should avoid the recursive descending on /var, but not on
/run.

Fixes #534
2015-07-09 18:46:01 -03:00
Zbigniew Jędrzejewski-Szmek
a48a62a1af tmpfiles: use ACL magic on journal directories 2015-01-22 01:14:53 -05:00
Łukasz Stelmach
5a16bc264c build-sys: configure the list of system users, files and directories
Choose which system users defined in sysusers.d/systemd.conf and files
or directories in tmpfiles.d/systemd.conf, should be provided depending
on comile-time configuration.
2014-11-30 23:50:19 -05:00