Re: strange journald *.journal file permissions

To: <debian-user@lists.debian.org>
Subject: Re: strange journald *.journal file permissions
From: Christian Seiler <christian@iwakd.de>
Date: Tue, 07 Jul 2015 13:35:00 +0200
Message-id: <[🔎] 9cc03322bda64dcfa07319a08cec53bf@iwakd.de>
Mail-followup-to: <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20150705110325.GA28020@xvii.vinc17.org>
References: <[🔎] 20150705110325.GA28020@xvii.vinc17.org>

Am 2015-07-05 13:03, schrieb Vincent Lefevre:

Can anyone explain these strange journald permissions?

-rw-r-x---+ 1 root root            16777216 2015-07-05 12:57:55
system.journal*
-rw-r-x---+ 1 root systemd-journal  8388608 2015-07-05 12:17:21
user-1000.journal*

More precisely, why the bit x for the group?


So when activating the persistent journal, README.Debian contains
the following line:
setfacl -R -nm g:adm:rx,d:g:adm:rx /var/log/journal

Did you by any chance forget the -n when executing it, so that
instead you executed
setfacl -R -m g:adm:rx,d:g:adm:rx /var/log/journal
?

That would explain the x bit (if the journal files were already
there when the setfacl command was executed.)

If so: that's harmless, just remove it, either via

chmod g=r /var/log/journal/*.journal

or

setfacl -m m::r /var/log/journal/*.journal

(Both are equivalent, because if POSIX ACLs are present, the
group permissions bit is used as the effective rights mask, see
the documentation for POSIX ACLs.)

Christian

Reply to:

Follow-Ups:
- Re: strange journald *.journal file permissions
  - From: Vincent Lefevre <vincent@vinc17.net>

References:
- strange journald *.journal file permissions
  - From: Vincent Lefevre <vincent@vinc17.net>

Prev by Date: Re: login version 1:4.1.5.1-1
Next by Date: Re: Logrotate failure SOLVED
Previous by thread: Re: strange journald *.journal file permissions
Next by thread: Re: strange journald *.journal file permissions
Index(es):
- Date
- Thread