On 12.05.2015 at 19:30, Andreas Metzler wrote:
> Michael Biebl <bi...@debian.org> wrote:
> [...]
>> systemd-journal was added for this very purpose to grant unprivileged
>> users read access to the journal.
>
>> So it's absolutely correct to use in this case.
>
> Hello,
>
> If that is the only purpose of the group, why doesn't systemd
> re-use adm instead of adding another group?

From [1]:

  * The journal files are now owned by a new group
    "systemd-journal", which exists specifically to allow access
    to the journal, and nothing else. Previously, we used the
    "adm" group for that, which however possibly covers more
    than just journal/log file access. This new group is now
    already used by systemd-journal-gatewayd to ensure this
    daemon gets access to the journal files and as little else
    as possible. Note that "make install" will also set FS ACLs
    up for /var/log/journal to give "adm" and "wheel" read
    access to it, in addition to "systemd-journal" which owns
    the journal files. We recommend that packaging scripts also
    add read access to "adm" + "wheel" to /var/log/journal, and
    all existing/future journal files. To normal users and
    administrators little changes, however packagers need to
    ensure to create the "systemd-journal" system group at
    package installation time.

[1] http://lists.freedesktop.org/archives/systemd-devel/2013-March/009496.html

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
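
As an added illustration (not part of the original message and not systemd code), the following Python sketch audits `getfacl` output for the journal directory against the layout the quoted text describes: owned by "systemd-journal", with "adm" and "wheel" as the only extra readers, on existing and future files. The function names, the sample ACL text and the "backup" group are assumptions constructed for this example.

```python
import re

OWNING_GROUP = "systemd-journal"
ALLOWED_READERS = {"adm", "wheel"}  # extra readers named in the quoted text

# Constructed, abbreviated getfacl output for a journal directory. The
# "backup" group is hypothetical, and the default entry for "wheel" is missing.
SAMPLE = """\
# file: var/log/journal
# group: systemd-journal
user::rwx
group::r-x
group:adm:r-x
group:wheel:r-x
group:backup:r-x
mask::r-x
default:group:adm:r-x
default:mask::r-x
"""

ENTRY = re.compile(r"(default:)?(user|group|mask|other):([^:]*):([r-][w-][x-])")

def parse_getfacl(text):
    """Return (owning_group, access_entries, default_entries)."""
    group, access, default = None, {}, {}
    for line in text.splitlines():
        if line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        # Drop header lines and any trailing "#effective:" column.
        m = ENTRY.fullmatch(line.split("#")[0].strip())
        if m:
            (default if m.group(1) else access)[(m.group(2), m.group(3))] = m.group(4)
    return group, access, default

def can_read(entries, name):
    """Effective read for a named group: its entry AND the mask both grant r."""
    perm = entries.get(("group", name), "---")
    return perm[0] == "r" and entries.get(("mask", ""), "rwx")[0] == "r"

def audit(text):
    group, access, default = parse_getfacl(text)
    findings = []
    if group != OWNING_GROUP:
        findings.append(f"owning group is {group!r}, not {OWNING_GROUP!r}")
    for kind, name in access:
        if kind == "group" and name and name not in ALLOWED_READERS and can_read(access, name):
            findings.append(f"unexpected group {name!r} can read the journal")
    for name in sorted(ALLOWED_READERS):
        if can_read(access, name) and not can_read(default, name):
            findings.append(f"{name!r} lacks a default ACL entry for future files")
    return findings
```

To check a real system, pass the text printed by `getfacl /var/log/journal` to `audit()`; an empty list means the ACLs match the described layout.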