FS#37040 - Error in manpage for journalctl
Attached to Project:
Arch Linux
Opened by Jon Gjengset (Jonhoo) - Tuesday, 24 September 2013, 16:17 GMT
Last edited by Dave Reisner (falconindy) - Tuesday, 24 September 2013, 18:40 GMT
Opened by Jon Gjengset (Jonhoo) - Tuesday, 24 September 2013, 16:17 GMT
Last edited by Dave Reisner (falconindy) - Tuesday, 24 September 2013, 18:40 GMT
|
Details
Description:
The man page for journalctl states that adding a user to the group "adm" will grant that user access to system logs. This is not correct (at least not in my clean Arch install). The group users should be added to is actually "systemd-journal". Adding the user to the group "adm" has no effect on access to journals. Don't know if this is an upstream bug, or whether this is due to Arch using a different group for the journals? Please advice. $ man journalctl ... users who are members of the "adm" group get access to the system journal $ ls -l /var/log/journal/$(cat /etc/machine-id) ... -rw-r----- 1 root systemd-journal 10874880 Sep 24 19:11 system.journal ... Additional info: * package version: systemd 207-5 |
This task depends upon
Closed by Dave Reisner (falconindy)
Tuesday, 24 September 2013, 18:40 GMT
Reason for closing: Fixed
Additional comments about closing: http://cgit.freedesktop.org/systemd/syst emd/commit/?id=8bd94f7a03032ac9218e
Tuesday, 24 September 2013, 18:40 GMT
Reason for closing: Fixed
Additional comments about closing: http://cgit.freedesktop.org/systemd/syst emd/commit/?id=8bd94f7a03032ac9218e
$ getfacl /var/log/journal/f2987b1c316d1e4e496bd04f00000087/system.journal
getfacl: Removing leading '/' from absolute path names
# file: var/log/journal/f2987b1c316d1e4e496bd04f00000087/system.journal
# owner: root
# group: systemd-journal
user::rw-
group::r-x #effective:r--
group:adm:r-x #effective:r--
group:wheel:r-x #effective:r--
mask::r--
other::---
$ getfacl system.journal
# file: system.journal
# owner: root
# group: systemd-journal
user::rw-
group::r--
other::---
$ mount | grep /var
/dev/sda3 on /var type ext4 (rw,relatime,data=ordered)
Should I manually add acl to the mount options for /var?
If so, perhaps genfstab should be updated to include it?
I think your manpage is fubar. 207-5's manpage says:
"Journal files are, by default, owned and readable by the "systemd-journal" system group but are not writable. Adding a user to this group thus enables her/him to read the journal files."
There's no mention of the "adm" group except to explicitly state:
"Additional users and groups may be granted access to journal files via file system access control lists (ACL). Distributions and administrators may choose to grant read access to all members of the "wheel" and "adm" system groups with a command such as the following:
# setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/"
The reason I brought up genfstab was because that's the only thing I've used to create my fstab, so if systemd wants an acl mount flag, presumable genfstab should add it. Don't see why ACL should be necessary though...
$ pacman -Qi systemd
Name : systemd
Version : 207-5
Description : system and service manager
Architecture : x86_64
URL : http://www.freedesktop.org/wiki/Software/systemd
Licences : GPL2 LGPL2.1 MIT
Groups : None
Provides : libsystemd=207 nss-myhostname systemd-tools=207 udev=207 libgudev-1.0.so=0-64 libsystemd-daemon.so=0-64 libsystemd-id128.so=0-64
libsystemd-journal.so=0-64 libsystemd-login.so=0-64 libudev.so=1-64
Depends On : acl bash dbus-core glib2 kbd kmod hwids libcap libgcrypt pam util-linux xz
Optional Deps : cryptsetup: required for encrypted block devices [installed]
libmicrohttpd: systemd-journal-gatewayd
quota-tools: kernel-level quota management
python: systemd library bindings [installed]
systemd-sysvcompat: symlink package to provide sysvinit binaries [installed]
Required By : colord device-mapper gnome-session libgusb libusbx lvm2 mesa mkinitcpio netctl pcmciautils polkit qtwebkit systemd-sysvcompat upower
xf86-input-evdev
Optional For : None
Conflicts With : libsystemd nss-myhostname systemd-tools udev
Replaces : libsystemd nss-myhostname systemd-tools udev
Installed Size : 12422.00 KiB
Packager : Dave Reisner <dreisner@archlinux.org>
Build Date : Thu 19 Sep 2013 23:12:56 BST
Install Date : Tue 24 Sep 2013 13:43:41 BST
Install Reason : Installed as a dependency for another package
Install Script : Yes
Validated By : Signature
$ man 1 journalctl | grep -A1 adm
All users are granted access to their private per-user journals. However, by default, only root and users who are members of the "adm" group get access to the
system journal and the journals of other users