From 15fcdc98cf4db7acdf5cd8df7614f3d3798ae81e Mon Sep 17 00:00:00 2001
From: lewo <lewo@abesis.fr>
Date: Wed, 8 Feb 2017 00:56:55 +0100
Subject: tmpfiles.d: set primary group rights to r-w (#5265)

If the /var/log/journal directory is created with rigths 700, the application
of an ACL rules without any primary group right sets it to 0. A chmod 755 on
this file will then only set the ACL mask and let the ACL primary group right
to 0. The directory is then unreadable for the primary group.

This patch explicitly sets the primary group to avoid this problem.

Fixes #5264.
---
 tmpfiles.d/systemd.conf.m4 | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'tmpfiles.d')

diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4
index 2cd58e9121..76e3829ab2 100644
--- a/tmpfiles.d/systemd.conf.m4
+++ b/tmpfiles.d/systemd.conf.m4
@@ -49,21 +49,21 @@ z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
 m4_ifdef(`HAVE_ACL',`m4_dnl
 m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl
 m4_ifdef(`ENABLE_WHEEL_GROUP',``
-a+ /var/log/journal    - - - - d:group:adm:r-x,d:group:wheel:r-x
-a+ /var/log/journal    - - - - group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal    - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x
+a+ /var/log/journal    - - - - group::r-x,group:adm:r-x,group:wheel:r-x
 a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
 a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
 a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--
 '', ``
-a+ /var/log/journal    - - - - d:group:adm:r-x
-a+ /var/log/journal    - - - - group:adm:r-x
+a+ /var/log/journal    - - - - d:group::r-x,d:group:adm:r-x
+a+ /var/log/journal    - - - - group::r-x,group:adm:r-x
 a+ /var/log/journal/%m - - - - d:group:adm:r-x
 a+ /var/log/journal/%m - - - - group:adm:r-x
 a+ /var/log/journal/%m/system.journal - - - - group:adm:r--
 '')',`m4_dnl
 m4_ifdef(`ENABLE_WHEEL_GROUP',``
-a+ /var/log/journal    - - - - d:group:wheel:r-x
-a+ /var/log/journal    - - - - group:wheel:r-x
+a+ /var/log/journal    - - - - d:group::r-x,d:group:wheel:r-x
+a+ /var/log/journal    - - - - group::r-x,group:wheel:r-x
 a+ /var/log/journal/%m - - - - d:group:wheel:r-x
 a+ /var/log/journal/%m - - - - group:wheel:r-x
 a+ /var/log/journal/%m/system.journal - - - - group:wheel:r--
-- 
cgit v1.2.1