On 2015-07-08 16:42, Vincent Lefevre wrote:
> On 2015-07-07 13:35:00 +0200, Christian Seiler wrote:
>> On 2015-07-05 13:03, Vincent Lefevre wrote:
>>> Can anyone explain these strange journald permissions?
>>>
>>> -rw-r-x---+ 1 root root            16777216 2015-07-05 12:57:55 system.journal*
>>> -rw-r-x---+ 1 root systemd-journal  8388608 2015-07-05 12:17:21 user-1000.journal*
>>>
>>> More precisely, why the bit x for the group?
>>
>> So when activating the persistent journal, README.Debian contains
>> the following line:
>>
>> setfacl -R -nm g:adm:rx,d:g:adm:rx /var/log/journal
>>
>> Did you by any chance forget the -n when executing it, so that
>> instead you executed
>>
>> setfacl -R -m g:adm:rx,d:g:adm:rx /var/log/journal
>>
>> ?
>
> I activated the persistent journal by setting Storage=persistent
> in /etc/systemd/journald.conf, but didn't do anything else. In
> particular, I've never used setfacl. So, where does this bit x
> come from?

Are you sure you never used setfacl? Because your files have ACLs (as
seen by the + sign next to the mode), but systemd-journald by default
only uses normal permissions (at least under Jessie); unless you
explicitly set ACLs on the directory, for example to let members of
the 'adm' group access the journal (see the snippet in README.Debian
I posted).

(Ok, technically it uses ACLs by default for the user-*.journal, to
grant each user access to their own journal, but not for
system.journal.)

 - What does 'getfacl system.journal' print?

 - Do you have any tmpfiles.d snippet installed that does something
   to /var/log/journal?

   grep -r var/log/journal {/etc,/usr/lib}/tmpfiles.d

   Should only print systemd.conf with two 'z' (i.e. non-recursive)
   entries for /var/log/journal and /var/log/journal/%m.

 - Do you have any cron job or init script or systemd service
   installed that plays around with file modes? (Note:
   /var/log/journal is under /var/log, so if anything modifies
   /var/log, /var/log/journal may also be affected!)

Christian
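
Added example, not part of the thread: a simplified Python model of the mask rule documented in setfacl(1), showing why the group slot of `ls -l` differs between `setfacl -m` and `setfacl -nm` for the `g:adm:rx` entry quoted above. The function names and the 0640 starting ACL are assumptions made for illustration; default (`d:`) entries and explicitly given mask entries are not modelled.

```python
# Added example: models how setfacl derives the ACL mask, which is what
# ls -l displays in the group position once a file has an extended ACL.
BITS = "rwx"

def parse_acl(text):
    """Parse getfacl-style lines into (tag, qualifier, perms) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop '# file:' comments
        if line:
            tag, qualifier, perms = line.split(":")
            entries.append((tag, qualifier, perms))
    return entries

def union(perm_sets):
    """Bitwise OR of several rwx strings."""
    return "".join(b if any(p[i] == b for p in perm_sets) else "-"
                   for i, b in enumerate(BITS))

def apply_setfacl(entries, new_entry, no_mask):
    """Model `setfacl -m` of one named entry; no_mask=True models -n."""
    tag, qualifier, _ = new_entry
    acl = [e for e in entries if e[:2] != (tag, qualifier)] + [new_entry]
    old_mask = [e[2] for e in acl if e[0] == "mask"]
    acl = [e for e in acl if e[0] != "mask"]
    owning_group = next(e[2] for e in acl if e[:2] == ("group", ""))
    if no_mask:
        # -n: keep the existing mask, or create one equal to group::
        mask = old_mask[0] if old_mask else owning_group
    else:
        # default: mask = union of owning group and all named entries
        mask = union([e[2] for e in acl
                      if e[0] == "group" or (e[0] == "user" and e[1])])
    return acl + [("mask", "", mask)]

def ls_mode(acl):
    """Render the mode column ls -l would show for a regular file."""
    perms = {e[:2]: e[2] for e in acl}
    # With an extended ACL the group slot shows the mask, not group::
    group_slot = perms.get(("mask", ""), perms[("group", "")])
    plus = "+" if ("mask", "") in perms else ""
    return "-" + perms[("user", "")] + group_slot + perms[("other", "")] + plus

# Constructed sample: a journal file with plain 0640 permissions.
BASE = parse_acl("user::rw-\ngroup::r--\nother::---")
ADM = ("group", "adm", "r-x")   # the g:adm:rx entry from README.Debian
```

Applying `ADM` without `-n` yields the `-rw-r-x---+` seen in the listing, while the `-n` form leaves the mask at `r--`, so the `x` granted to `adm` is not effective on regular files.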