Package: systemd
Version: 215-17
Severity: normal

The README.Debian for systemd instructs to set ACLs for /var/log/journal to let users in "adm" group to read the persistent journal via journalctl. This works well; but if the persistent journal isn't enabled, users in "adm" group can't read the journal with journalctl:

$ getfacl /run/log/journal
# file: run/log/journal
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
other::r-x

$ getfacl /run/log/journal/3deacfa10d0c169adfdeb36c50522bd6/
# file: run/log/journal/3deacfa10d0c169adfdeb36c50522bd6/
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
other::---

systemd should set ACLs the same way as advertised for /var/log/journal in README.Debian, so that members of the adm group should be able to use journalctl even if persistent journal isn't enabled.

Additionally, I stumbled upon something else; I don't know if it's expected behavior, or if it deserves a bug report, but if the persistent journal is enabled, /run/log/journal is only readable by root, and not the systemd-journal group. This causes no trouble, except a minor and temporary inconsistency in case one disables the persistent journal by deleting /var/log/journal and restarting systemd-journald; the right permissions for /run/log/journal (group systemd-journal) wouldn't be applied until next reboot.

Regards,

-- 
Raphaël Halimi
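An added example, not part of the report and not code from systemd or Debian: a small checker that reads `getfacl` output and reports which permissions a member of a given group ends up with on a journal directory. The function names and the second sample (a directory carrying a `group:adm:r-x` entry) are constructed for illustration; the first sample is the machine-id directory output quoted in the report.

```shell
#!/bin/sh
# Print the rwx string that applies to a non-owner user whose relevant group
# is $1, from `getfacl` output on stdin. Simplification: a named group entry
# is checked first, then the owning group; otherwise "other" applies.
effective_perms() {
    awk -v grp="$1" '
        function masked(p,    i, out) {
            if (mask == "") return p
            for (i = 1; i <= 3; i++)
                out = out ((substr(p, i, 1) != "-" && substr(mask, i, 1) != "-") ? substr(p, i, 1) : "-")
            return out
        }
        /^# group: /     { owner_grp = $3 }
        /^group::/       { split($0, f, ":"); owning = substr(f[3], 1, 3) }
        /^group:[^:]+:/  { split($0, f, ":"); if (f[2] == grp) named = substr(f[3], 1, 3) }
        /^mask::/        { split($0, f, ":"); mask = substr(f[3], 1, 3) }
        /^other::/       { split($0, f, ":"); other = substr(f[3], 1, 3) }
        END {
            if (named != "")           print masked(named)
            else if (owner_grp == grp) print masked(owning)
            else                       print other
        }'
}

# Both r and x are needed to list and open files in the journal directory.
can_read_dir() { case "$(effective_perms "$1")" in r?x) return 0 ;; *) return 1 ;; esac; }

# From the report: the volatile journal's machine-id directory.
RUN_MACHINE='# file: run/log/journal/3deacfa10d0c169adfdeb36c50522bd6/
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
other::---'
# Constructed sample: the same directory with a named ACL entry for adm.
WITH_ADM_ACL='# file: constructed/example
# owner: root
# group: systemd-journal
user::rwx
group::r-x
group:adm:r-x
mask::r-x
other::---'

for sample in "$RUN_MACHINE" "$WITH_ADM_ACL"; do
    if printf '%s\n' "$sample" | can_read_dir adm; then verdict=readable; else verdict=denied; fi
    printf '%s -> adm: %s\n' "$(printf '%s\n' "$sample" | head -n 1)" "$verdict"
done
```

On a live system, pipe `getfacl` for the directory in question into `can_read_dir adm` instead of using the embedded samples.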