diff options
| author | lewo <lewo@abesis.fr> | 2017-02-08 00:56:55 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2017-02-07 18:56:55 -0500 |
| commit | 15fcdc98cf4db7acdf5cd8df7614f3d3798ae81e (patch) | |
| tree | 75f1695384b43001b406d0ddfc6f857fed925220 /tmpfiles.d | |
| parent | 55295fd84d7ab0b80a3bda467f6be8d512311909 (diff) | |
| download | systemd-15fcdc98cf4db7acdf5cd8df7614f3d3798ae81e.tar.gz | |
tmpfiles.d: set primary group rights to r-w (#5265)
If the /var/log/journal directory is created with rigths 700, the application
of an ACL rules without any primary group right sets it to 0. A chmod 755 on
this file will then only set the ACL mask and let the ACL primary group right
to 0. The directory is then unreadable for the primary group.
This patch explicitly sets the primary group to avoid this problem.
Fixes #5264.
Diffstat (limited to 'tmpfiles.d')
| -rw-r--r-- | tmpfiles.d/systemd.conf.m4 | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4 index 2cd58e9121..76e3829ab2 100644 --- a/tmpfiles.d/systemd.conf.m4 +++ b/tmpfiles.d/systemd.conf.m4 @@ -49,21 +49,21 @@ z /var/log/journal/%m/system.journal 0640 root systemd-journal - - m4_ifdef(`HAVE_ACL',`m4_dnl m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl m4_ifdef(`ENABLE_WHEEL_GROUP',`` -a+ /var/log/journal - - - - d:group:adm:r-x,d:group:wheel:r-x -a+ /var/log/journal - - - - group:adm:r-x,group:wheel:r-x +a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x +a+ /var/log/journal - - - - group::r-x,group:adm:r-x,group:wheel:r-x a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r-- '', `` -a+ /var/log/journal - - - - d:group:adm:r-x -a+ /var/log/journal - - - - group:adm:r-x +a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x +a+ /var/log/journal - - - - group::r-x,group:adm:r-x a+ /var/log/journal/%m - - - - d:group:adm:r-x a+ /var/log/journal/%m - - - - group:adm:r-x a+ /var/log/journal/%m/system.journal - - - - group:adm:r-- '')',`m4_dnl m4_ifdef(`ENABLE_WHEEL_GROUP',`` -a+ /var/log/journal - - - - d:group:wheel:r-x -a+ /var/log/journal - - - - group:wheel:r-x +a+ /var/log/journal - - - - d:group::r-x,d:group:wheel:r-x +a+ /var/log/journal - - - - group::r-x,group:wheel:r-x a+ /var/log/journal/%m - - - - d:group:wheel:r-x a+ /var/log/journal/%m - - - - group:wheel:r-x a+ /var/log/journal/%m/system.journal - - - - group:wheel:r-- |