[arch-dev-public] FYI: systemd 198
Dave Reisner
d at falconindy.com
Fri Mar 8 08:23:40 EST 2013
On Fri, Mar 08, 2013 at 10:50:56AM +0200, Evangelos Foutras wrote:
> On 8 March 2013 02:35, Tom Gundersen <teg at jklm.no> wrote:
> > * The journal files are now owned by a new group
> > "systemd-journal", which exists specifically to allow access
> > to the journal, and nothing else. Previously, we used the
> > "adm" group for that, which however possibly covers more
> > than just journal/log file access. This new group is now
> > already used by systemd-journal-gatewayd to ensure this
> > daemon gets access to the journal files and as little else
> > as possible. Note that "make install" will also set FS ACLs
> > up for /var/log/journal to give "adm" and "wheel" read
> > access to it, in addition to "systemd-journal" which owns
> > the journal files. We recommend that packaging scripts also
> > add read access to "adm" + "wheel" to /var/log/journal, and
> > all existing/future journal files. To normal users and
> > administrators little changes, however packagers need to
> > ensure to create the "systemd-journal" system group at
> > package installation time.
>
> I think the above was missed in the systemd 198-1 package.
Indeed, but I think this is something that we should add via a
core/filesystem upgrade to avoid the dep on shadow.
d
More information about the arch-dev-public
mailing list