Bug 70866 - [systemd-journald][208] User in systemd-journal group can't access journal if it's in volatile storage only
Status: RESOLVED FIXED
Alias: None
Product: systemd
Classification: Unclassified
Component: general
Version: unspecified
Hardware: Other Linux (All)
Importance: low minor
Assignee: Zbigniew Jedrzejewski-Szmek
QA Contact: systemd-bugs
Duplicates: 70475 74548 76879
Reported: 2013-10-25 16:11 UTC by reztho
Modified: 2016-12-08 09:57 UTC (History)

Description reztho 2013-10-25 16:11:48 UTC
In the man page of journalctl, we can see this:
"All users are granted access to their private per-user journals. However, by default, only root and users who are members of the "systemd-journal" group get access to the system journal and the journals of other users."

But this only applies as long as the journal uses the persistent storage. Users can't access the journal when only using the volatile storage: the journal file in /run/log/journal/%m/system.journal is owned by root.root.

Steps to reproduce:
1. gpasswd -a user systemd-journald
2. Edit the file /etc/systemd/journald.conf and change the storage line to:
Storage=volatile
3. Reboot, log in as user and run journalctl:
No journal files were found

Workaround, thanks to alxchk from the official systemd IRC channel:
1. Add these lines to /etc/systemd/system/systemd-journald.service.d/fixperms.conf
[Service]
ExecStartPre=/usr/bin/systemd-tmpfiles --create --prefix=/run/log

2. Add this line to /etc/tmpfiles.d/journald_fixperms.conf:
d /run/log/journal 2755 root systemd-journal - -
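
An added example, not part of the original report or of systemd: a Python check that parses the tmpfiles.d line from the workaround above and reports where the directory, or the journal files below it, do not match the requested owner, group and mode. The function names are hypothetical, and only classic ownership and mode bits are inspected, not POSIX ACLs.

```python
# Added example; function names are hypothetical. Checks mode bits only, not ACLs.
import grp
import os
import pwd
import stat

def parse_tmpfiles_d_line(line):
    """Split a tmpfiles.d 'd' (create directory) line into path, mode, user, group."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "d":
        raise ValueError("not a tmpfiles.d directory line: %r" % line)
    return fields[1], int(fields[2], 8), fields[3], fields[4]

def owner_names(st):
    """Resolve a stat result's uid/gid to names, falling back to the numeric id."""
    try:
        user = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        user = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return user, group

def audit_journal_dir(line):
    """Return findings where the directory or its *.journal files differ from the line."""
    path, mode, user, group = parse_tmpfiles_d_line(line)
    if not os.path.isdir(path):
        return ["%s: directory missing" % path]
    findings = []
    st = os.stat(path)
    if owner_names(st) != (user, group):
        findings.append("%s: owner %s:%s, expected %s:%s" % ((path,) + owner_names(st) + (user, group)))
    if stat.S_IMODE(st.st_mode) != mode:
        findings.append("%s: mode %04o, expected %04o" % (path, stat.S_IMODE(st.st_mode), mode))
    for dirpath, _dirs, files in os.walk(path):
        for name in files:
            full = os.path.join(dirpath, name)
            fst = os.stat(full)
            if name.endswith(".journal") and (owner_names(fst)[1] != group or not fst.st_mode & stat.S_IRGRP):
                findings.append("%s: not readable by group %s" % (full, group))
    return findings

if __name__ == "__main__":
    # The tmpfiles.d line from the workaround in the description.
    for finding in audit_journal_dir("d /run/log/journal 2755 root systemd-journal - -"):
        print(finding)
```

An empty result means the directory and every journal file under it match the line; each returned string names one path that does not.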
Comment 1 Cristian Rodríguez 2013-12-02 00:05:59 UTC
*** Bug 70475 has been marked as a duplicate of this bug. ***
Comment 2 Lennart Poettering 2014-02-21 14:15:53 UTC
*** Bug 74548 has been marked as a duplicate of this bug. ***
Comment 3 Lennart Poettering 2014-05-24 09:28:10 UTC
*** Bug 76879 has been marked as a duplicate of this bug. ***
Comment 4 Lennart Poettering 2014-06-25 10:43:39 UTC
Fixed in current versions. We will now rechown() the files in /run after boot.
Comment 5 Zbigniew Jedrzejewski-Szmek 2014-06-25 14:11:49 UTC
I'm afraid the goalposts have moved in the meanwhile.

We now have two bugs:
1. journalctl(1) needs to be updated, because 'adm' and 'wheel' groups are allowed to read the journal too. I'll do that later today.

2. volatile logs are still not available for those two groups.
