FS#43852 - [systemd] on install - warning: directory ownership differs on /var/log/journal/remote/
Attached to Project:
Arch Linux
Opened by jb (jb.1234abcd) - Tuesday, 17 February 2015, 06:31 GMT
Last edited by Dave Reisner (falconindy) - Saturday, 21 February 2015, 16:42 GMT
Details
Description:
On install of systemd I get:

warning: directory ownership differs on /var/log/journal/remote/
filesystem: 0:999 package: 0:0

Additional info:
* package version(s)
libsystemd-218-2
systemd-218-2
systemd-sysvcompat-218-2
* config and/or log files etc.

$ ls -al /var/log/journal/
total 28
drwxr-sr-x+ 4 root systemd-journal 4096 Feb 4 18:59 .
drwxr-xr-x 4 root root 4096 Feb 4 18:59 ..
drwxr-sr-x+ 2 root systemd-journal 4096 Feb 4 19:07 d9f9af52a6e54710a8428c16f96331da
drwxr-sr-x+ 2 root systemd-journal-remote 4096 Dec 11 03:18 remote

$ grep -i systemd-journal /etc/passwd
systemd-journal-gateway:x:191:191:systemd-journal-gateway:/:/usr/bin/nologin
systemd-journal-upload:x:998:998:systemd Journal Upload:/:/sbin/nologin
systemd-journal-remote:x:999:999:systemd Journal Remote:/:/sbin/nologin

Steps to reproduce:
pacman -Syu
Closed by Dave Reisner (falconindy)
Saturday, 21 February 2015, 16:42 GMT
Reason for closing: Fixed
Additional comments about closing: systemd-219-2
systemd-journal:x:190:
systemd-journal-gateway:x:191:
systemd-journal-upload:x:998:
systemd-journal-remote:x:999:
But I guess the solution to this bug will be the same as for all such bugs: nothing + manual fixing to match the package with chown (chown 0:0 /var/log/journal/remote). See e.g. https://bugs.archlinux.org/task/43616 for a short discussion of this.
This is exactly the *wrong* advice.
Why is the sgid bit needed for /var/log/journal and any dirs below it?
What contents of these dirs could be desired to be sgid-executable?
I searched for any references and only found the ones below, where some people wonder as well:
http://lists.freedesktop.org/archives/systemd-devel/2014-June/019833.html
https://bbs.archlinux.org/viewtopic.php?id=170749
https://bugs.archlinux.org/task/37170
Note that I did not say that I think this is a good state that every now and then there are wrong permission warnings during updates.
Regarding the setgid on dirs, /var/log/journal/remote in particular - is it not aiding the attacker's exploit in acquiring systemd-journal-remote gid automatically?
To me, systemd-journal-remote.service is quite risky due to its possible outer interfaces.
For example:
-rwxr-sr-x 1 root systemd-journal-remote 133156 Jul 19 2014 exploit
Is the setgid on dir not a means of obfuscation here?
In our case only systemd-journal-remote.service is supposed to create and fill in the log dirs.
The setgid on dir makes sense only if the dir is shared by users with different gids (e.g. shared project dir).
If so, would it not be preferable to remove the setgid on dir here?
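An added example, not part of the original thread: a small triage script that parses `ls -l` lines like the ones quoted above and separates the two meanings of the `s` in the group-execute position (on a directory, new entries inherit the directory's group; on an executable regular file, the process runs with the file's group), while also flagging ownership that differs from the packaged owner. The function names and the `expected` mapping are assumptions, and the package's `0:0` is written as `root:root`.

```python
import stat

# Constructed sample: two lines from the report plus the hypothetical binary
# from the last comment.
SAMPLE = """\
drwxr-sr-x+ 4 root systemd-journal 4096 Feb 4 18:59 .
drwxr-sr-x+ 2 root systemd-journal-remote 4096 Dec 11 03:18 remote
-rwxr-sr-x 1 root systemd-journal-remote 133156 Jul 19 2014 exploit
"""

def parse_mode(perms):
    """Turn an ls permission string such as 'drwxr-sr-x' into st_mode bits."""
    kinds = {"d": stat.S_IFDIR, "-": stat.S_IFREG, "l": stat.S_IFLNK}
    special = {3: stat.S_ISUID, 6: stat.S_ISGID, 9: stat.S_ISVTX}
    mode = kinds.get(perms[0], 0)
    for i, c in enumerate(perms[1:10], start=1):
        if c in "rwxst":          # lowercase s/t mean the execute bit is also set
            mode |= 1 << (9 - i)
        if c in "sStT":           # setuid / setgid / sticky
            mode |= special[i]
    return mode

def parse_ls_line(line):
    """Return (mode, owner, group, name) for one `ls -l` line."""
    f = line.split(None, 8)       # the name is the 9th field and may contain spaces
    return parse_mode(f[0]), f[2], f[3], f[8]

def setgid_meaning(mode):
    if not mode & stat.S_ISGID:
        return "none"
    if stat.S_ISDIR(mode):
        return "dir-group-inheritance"   # affects the group of new entries only
    if stat.S_ISREG(mode) and mode & stat.S_IXGRP:
        return "setgid-executable"       # changes the effective GID at exec time
    return "other"

def audit(text, expected):
    """expected maps name -> (owner, group) as shipped by the package."""
    findings = []
    for line in text.splitlines():
        mode, owner, group, name = parse_ls_line(line)
        want = expected.get(name)
        drift = want is not None and want != (owner, group)
        findings.append((name, setgid_meaning(mode), drift))
    return findings

if __name__ == "__main__":
    for name, meaning, drift in audit(SAMPLE, {"remote": ("root", "root")}):
        print(f"{name}: setgid={meaning} ownership_differs={drift}")
```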