[arch-dev-public] FYI: systemd 198

Dave Reisner d at falconindy.com
Fri Mar 8 08:23:40 EST 2013

On Fri, Mar 08, 2013 at 10:50:56AM +0200, Evangelos Foutras wrote:
> On 8 March 2013 02:35, Tom Gundersen <teg at jklm.no> wrote:
> >         * The journal files are now owned by a new group
> >           "systemd-journal", which exists specifically to allow access
> >           to the journal, and nothing else. Previously, we used the
> >           "adm" group for that, which however possibly covers more
> >           than just journal/log file access. This new group is now
> >           already used by systemd-journal-gatewayd to ensure this
> >           daemon gets access to the journal files and as little else
> >           as possible. Note that "make install" will also set FS ACLs
> >           up for /var/log/journal to give "adm" and "wheel" read
> >           access to it, in addition to "systemd-journal" which owns
> >           the journal files. We recommend that packaging scripts also
> >           add read access to "adm" + "wheel" to /var/log/journal, and
> >           all existing/future journal files. To normal users and
> >           administrators little changes, however packagers need to
> >           ensure to create the "systemd-journal" system group at
> >           package installation time.
> I think the above was missed in the systemd 198-1 package.

Indeed, but I think this is something that we should add via a
core/filesystem upgrade to avoid the dep on shadow.


More information about the arch-dev-public mailing list