summaryrefslogtreecommitdiffstats
path: root/tmpfiles.d/systemd.conf.m4
diff options
context:
space:
mode:
authorlewo <lewo@abesis.fr>2017-02-08 00:56:55 +0100
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2017-02-08 00:56:55 +0100
commit15fcdc98cf4db7acdf5cd8df7614f3d3798ae81e (patch)
tree75f1695384b43001b406d0ddfc6f857fed925220 /tmpfiles.d/systemd.conf.m4
parentMerge pull request #5219 from poettering/run-size-check (diff)
downloadsystemd-15fcdc98cf4db7acdf5cd8df7614f3d3798ae81e.tar.xz
systemd-15fcdc98cf4db7acdf5cd8df7614f3d3798ae81e.zip
tmpfiles.d: set primary group rights to r-w (#5265)
If the /var/log/journal directory is created with rigths 700, the application of an ACL rules without any primary group right sets it to 0. A chmod 755 on this file will then only set the ACL mask and let the ACL primary group right to 0. The directory is then unreadable for the primary group. This patch explicitly sets the primary group to avoid this problem. Fixes #5264.
Diffstat (limited to '')
-rw-r--r--tmpfiles.d/systemd.conf.m412
1 files changed, 6 insertions, 6 deletions
diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4
index 2cd58e9121..76e3829ab2 100644
--- a/tmpfiles.d/systemd.conf.m4
+++ b/tmpfiles.d/systemd.conf.m4
@@ -49,21 +49,21 @@ z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
m4_ifdef(`HAVE_ACL',`m4_dnl
m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl
m4_ifdef(`ENABLE_WHEEL_GROUP',``
-a+ /var/log/journal - - - - d:group:adm:r-x,d:group:wheel:r-x
-a+ /var/log/journal - - - - group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x
+a+ /var/log/journal - - - - group::r-x,group:adm:r-x,group:wheel:r-x
a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--
'', ``
-a+ /var/log/journal - - - - d:group:adm:r-x
-a+ /var/log/journal - - - - group:adm:r-x
+a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x
+a+ /var/log/journal - - - - group::r-x,group:adm:r-x
a+ /var/log/journal/%m - - - - d:group:adm:r-x
a+ /var/log/journal/%m - - - - group:adm:r-x
a+ /var/log/journal/%m/system.journal - - - - group:adm:r--
'')',`m4_dnl
m4_ifdef(`ENABLE_WHEEL_GROUP',``
-a+ /var/log/journal - - - - d:group:wheel:r-x
-a+ /var/log/journal - - - - group:wheel:r-x
+a+ /var/log/journal - - - - d:group::r-x,d:group:wheel:r-x
+a+ /var/log/journal - - - - group::r-x,group:wheel:r-x
a+ /var/log/journal/%m - - - - d:group:wheel:r-x
a+ /var/log/journal/%m - - - - group:wheel:r-x
a+ /var/log/journal/%m/system.journal - - - - group:wheel:r--