Description of problem
When log storage (persistent or volatile) is missing (e.g. it has not been
created or has been removed manually), systemd-journald will create it,
but it will not properly set ownership and ACLs. This means that after
removing storage and restarting systemd-journald.service, new logs will
only be readable by root.
According to discussion with Michal Sekletár, the intended course of
action is to call systemd-tmpfiles to "fix" the permissions, which will
apply whatever scheme is configured in /usr/lib/tmpfiles.d/systemd.conf
(normally this is "read-only by groups systemd-journal, adm and wheel").
(systemd-tmpfiles is also called during boot, so an alternative would be
The problem with this design is that there will always be a window when log
permissions are not set up properly. Also, since the expected course
of action on the admin's part is not very intuitive, the window may be much
longer than necessary.
This bug is to consider a way to help remove this extra step.
Version-Release number of selected component
Steps to Reproduce
This works the same for volatile and persistent storage, just the path
is different. Note that persistent storage can be turned on either
by setting Storage=persistent or by setting Storage=auto and creating
1. Remove /var/log/journal or /run/log/journal
2. Restart systemd-journald.service
3. Check storage path permissions
System logs belong to and are only readable by root. (If SplitMode is
set to 'uid' there may also be user-specific logs.)
Members of groups adm, wheel and systemd-journal (or whatever is specified
in the aforementioned config file) should have read access to the logs.
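
A check for the window described in this report, as an added example (not part of the original bug or of systemd): it lists journal storage entries that are not group-owned by the expected group or lack the group-read bit. The function names are hypothetical, the expected group (systemd-journal) is assumed from the report, and the ACL entries for adm and wheel are not inspected.

```shell
#!/bin/sh
# Added example: detect journal storage that journald re-created without the
# ownership that the tmpfiles.d configuration would normally apply.
# Assumption: the expected group is passed in (systemd-journal per the report).

# journal_perm_violations DIR GROUP
# Prints one path per line for every entry under DIR (DIR included) that is
# not group-owned by GROUP or is missing the group-read bit.
# Prints nothing when DIR does not exist (storage not created yet).
journal_perm_violations() {
    dir=$1
    grp=$2
    [ -d "$dir" ] || return 0
    find "$dir" \( ! -group "$grp" -o ! -perm -040 \) -print
}

# audit_journal_storage GROUP [DIR...]
# Checks both storage locations named in the report unless DIRs are given.
# Returns 0 when every existing location is clean, 1 otherwise.
audit_journal_storage() {
    grp=$1
    shift
    [ $# -gt 0 ] || set -- /var/log/journal /run/log/journal
    rc=0
    for d in "$@"; do
        bad=$(journal_perm_violations "$d" "$grp")
        if [ -n "$bad" ]; then
            printf 'UNFIXED %s\n' "$d"
            printf '%s\n' "$bad" | sed 's/^/  /'
            rc=1
        fi
    done
    return $rc
}

# Typical call, as root, after restarting systemd-journald.service:
#   audit_journal_storage systemd-journal
```

A non-zero status means the systemd-tmpfiles step from the report has not been applied to that storage path yet.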
For the record, Michal mentioned the idea of adding systemd-tmpfiles to
ExecStartPost of systemd-journald.service.
*** Bug 1414071 has been marked as a duplicate of this bug. ***
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.