Bug 1411198 - systemd-journald service should set up log storage properly
Summary: systemd-journald service should set up log storage properly
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: systemd
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: systemd-maint
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
: 1414071 (view as bug list)
Depends On:
Blocks: 1546552
 
Reported: 2017-01-09 04:32 UTC by Alois Mahdal
Modified: 2021-01-15 07:30 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-01-15 07:30:03 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1414071 0 unspecified CLOSED systemd-journal-gatewayd doesn't work when /run/log/journal is re-created by systemd-journald 2021-02-22 00:41:40 UTC

Internal Links: 1414071

Description Alois Mahdal 2017-01-09 04:32:20 UTC
Description of problem
======================

When log storage (persistent or volatile) is missing (e.g. it has not been
created or has been removed manually) systemd-journald will create it,
but it will not properly set ownership and ACL.  This means that after
removing storage and restarting systemd-journald.service, new logs will
be only readable by root.

According to discussion with Michal Sekletár, the intended course of
action is to call systemd-tmpfiles to "fix" the permissions, which will
apply whatever scheme is configured in /usr/lib/tmpfiles.d/systemd.conf
(normally this is "read-only by groups systemd-journal, adm and wheel").
(systemd-tmpfiles is also called during boot, so an alternative would be
to reboot.)

The problem with this design is that there will always be a window when log
permissions are not set up properly.  Also, since the expected course
of action on the admin's part is not very intuitive, the window may be much
longer than necessary.

This bug is to consider a way to help remove this extra step.


Version-Release number of selected component
============================================

systemd-219-30.el7


How reproducible
================

Always


Steps to Reproduce
==================

This works the same for volatile and persistent storage, just the path
is different.  Note that persistent storage can be turned on either
by setting Storage=persistent or by setting Storage=auto and creating
/var/log/journal.

 1. Remove /var/log/journal or /run/log/journal
 2. Restart systemd-journald.service
 3. Check storage path permissions


Actual results
==============

System logs belong to and are only readable by root.  (If SplitMode is
set to 'uid' there may also be user-specific logs.)


Expected results
================

Members of groups adm, wheel and systemd-journal (or whatever is specified
in aforementioned config file) should have read access to the logs.


Additional info
===============

For the record, Michal mentioned the idea to add systemd-tmpfiles to
ExecStartPost of systemd-journald.service.
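
An added example, not part of the original report or of systemd: a shell check for step 3 of the reproduction that flags journal directories and `*.journal` files the expected group cannot read. The function name and finding labels are hypothetical; it uses GNU `stat -c` and inspects group ownership and mode bits only, not the individual ACL entries for adm and wheel.

```shell
#!/bin/sh
# Added example (not from the bug report): flag journal storage that the
# expected group cannot read, the state left behind when journald
# re-creates the storage directory itself.

# audit_journal_storage DIR [GROUP]
#   Prints one finding per line and returns 1 if any directory or *.journal
#   file under DIR is not group-owned by GROUP or lacks group read access.
#   Returns 2 if DIR does not exist. GROUP defaults to systemd-journal.
audit_journal_storage() {
    dir=$1
    want_group=${2:-systemd-journal}
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    findings=$(
        find "$dir" \( -type d -o -type f -name '*.journal' \) \
            -exec stat -c '%G %a %n' {} + |
        while read -r group mode path; do
            # Directories need r-x for the group, files need r--.
            if [ -d "$path" ]; then need=5; else need=4; fi
            # Group permission digit; with POSIX ACLs present this is the mask.
            gbits=$(( (0$mode >> 3) & 7 ))
            [ "$group" = "$want_group" ] || echo "GROUP $group $path"
            [ $(( gbits & need )) -eq "$need" ] || echo "MODE $mode $path"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `audit_journal_storage /var/log/journal` or `audit_journal_storage /run/log/journal` after restarting systemd-journald.service. When it reports findings, `systemd-tmpfiles --create --prefix /var/log/journal` reapplies the scheme configured in tmpfiles.d, as the report describes.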

Comment 3 David Tardon 2019-02-01 14:27:47 UTC
*** Bug 1414071 has been marked as a duplicate of this bug. ***

Comment 5 RHEL Program Management 2021-01-15 07:30:03 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.

