Bug 1047729 - RFE: allow access to specific groups if journal logs are volatile (stored in /run)
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: 20
Hardware: Unspecified
OS: Unspecified
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
Reported: 2014-01-02 03:15 UTC by gustavo panizzo <gfa>
Modified: 2016-12-08 09:57 UTC

Fixed In Version: systemd-208-19.fc20
Doc Type: Bug Fix
Last Closed: 2014-12-11 08:43:31 UTC
Type: Bug


Links
System ID Private Priority Status Summary Last Updated
Debian BTS 717386 0 None None None Never

Description gustavo panizzo <gfa> 2014-01-02 03:15:46 UTC
Description of problem:
The journal expects users to be part of a certain group (systemd-journal) in order to allow them to read the logs. That's OK, but the group should be configurable.

Version-Release number of selected component (if applicable):
204

How reproducible:
Run journalctl as a regular user.

Steps to Reproduce:
1. 
$ journalctl 
Unprivileged users cannot access messages, unless persistent log storage is
enabled. Users in the 'systemd-journal' group may always access messages.

Additional info:

The traditional group to allow access to logs is adm; in some places a custom group (maybe an LDAP/NIS group) is created for that purpose. It should not be hardcoded to systemd-journal.

Comment 1 Zbigniew Jędrzejewski-Szmek 2014-01-14 20:01:58 UTC
It is configurable now. Since http://cgit.freedesktop.org/systemd/systemd/commit/?id=4608af4 (before systemd-208 which is in Fedora 20), systemd-journald will not touch the directory ownership anymore. You can override the group by adding an appropriate override for tmpfiles.d/systemd.conf, where this ownership is set.

Comment 2 gustavo panizzo <gfa> 2014-01-15 14:53:26 UTC
That's OK, but I want to be able to configure the group which is allowed to run journalctl always, not only when I'm using persistent storage. I want to have the same functionality when logs are ephemeral.

Thanks

Comment 3 Zbigniew Jędrzejewski-Szmek 2014-04-18 04:10:45 UTC
As of http://cgit.freedesktop.org/systemd/systemd/commit/?id=a606871, permissions are set for both /var/log/journald/... and /run/log/journal/... in the same way. You can also override them in the same way, per comment #1. I'll include this change in the next update.
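
The override described in comments 1 and 3, as an added example that is not part of the original thread and not systemd's own code: a shell filter that rewrites the group column on the journal-directory lines of a tmpfiles.d file. The function names, the sample lines and the `adm` target group are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): retarget the journal directories in a
# tmpfiles.d file to another group. Columns: Type Path Mode UID GID Age Argument.

# Constructed sample in tmpfiles.d syntax; not the verbatim stock systemd.conf.
sample_stock_conf() {
    cat <<'EOF'
# constructed sample
d /run/user 0755 root root -
z /run/log/journal 2755 root systemd-journal - -
Z /run/log/journal/%m 2750 root systemd-journal - -
z /var/log/journal 2755 root systemd-journal - -
z /var/log/journal/%m 2755 root systemd-journal - -
EOF
}

# rewrite_journal_group GROUP: filter stdin to stdout, replacing the GID column
# on z/Z/d lines whose path is a journal directory. Everything else passes
# through untouched, so the result can serve as a full-file override.
rewrite_journal_group() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*)   # conservative name check (assumption of this example)
            echo "rewrite_journal_group: unusable group name '$1'" >&2
            return 2 ;;
    esac
    awk -v grp="$1" '
        /^[ \t]*(#|$)/ { print; next }                 # comments, blank lines
        $1 ~ /^[zZd]$/ && NF >= 5 && $5 != "-" &&
        $2 ~ /^\/(run|var)\/log\/journal(\/|$)/ { $5 = grp }
        { print }
    '
}

# Intended use as root (paths are the standard tmpfiles.d locations):
#   rewrite_journal_group adm < /usr/lib/tmpfiles.d/systemd.conf \
#       > /etc/tmpfiles.d/systemd.conf
#   systemd-tmpfiles --create
# Stand-alone demo on the constructed sample:
sample_stock_conf | rewrite_journal_group adm
```

A file in /etc/tmpfiles.d replaces the same-named file in /usr/lib/tmpfiles.d as a whole, which is why the filter passes every non-journal line through unchanged. Members of the chosen group can read all journal entries, so membership in it should be handled like any other privileged grant.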

Comment 4 Fedora Update System 2014-06-19 13:19:19 UTC
systemd-208-18.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/systemd-208-18.fc20

Comment 5 Fedora Update System 2014-06-19 22:56:01 UTC
Package systemd-208-18.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing systemd-208-18.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-7512/systemd-208-18.fc20
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2014-06-22 23:55:24 UTC
Package systemd-208-19.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing systemd-208-19.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-7512/systemd-208-19.fc20
then log in and leave karma (feedback).

Comment 7 Jan Synacek 2014-12-11 08:43:31 UTC
The update has long been in stable, closing this bug.

