Am 14.03.22 um 12:32 schrieb Marc Haber:
On Mon, Mar 14, 2022 at 11:38:01AM +0100, Michael Biebl wrote:Nowadays I have a persistent journal enabled basically everywhere, which somewhat mitigates this issue as /var/log/journal/<machineid> will persist across reboots and new files will always inherit the same ACLs settings.That might apply to the default configuration, yes.That said, I know too little about ACLs to suggest a way how to setup the parent folder differently so new files not getting the (ineffective) x-bit.Maybe ACLs have a construct similiar to umask?It's a bit of an oddity for sure but at least with a persistent journal you would not get this warning from aide I assume as all files would now have an (in-effective) x-bit set?I have no machine running with a persistent journal. I am probably too much an old fart to adjust my finger memory to using journalctl, despite desperately trying for years yet.
upstream has closed bug report I created at https://github.com/systemd/systemd/issues/22729They argue that everything is working as expected and if aide trips up over that masked out x-bit it should be aide that needs to be fixed.
OpenPGP_signature
Description: OpenPGP digital signature