On Fri, Mar 08, 2013 at 10:50:56AM +0200, Evangelos Foutras wrote: > On 8 March 2013 02:35, Tom Gundersen <[email protected]> wrote: > > * The journal files are now owned by a new group > > "systemd-journal", which exists specifically to allow access > > to the journal, and nothing else. Previously, we used the > > "adm" group for that, which however possibly covers more > > than just journal/log file access. This new group is now > > already used by systemd-journal-gatewayd to ensure this > > daemon gets access to the journal files and as little else > > as possible. Note that "make install" will also set FS ACLs > > up for /var/log/journal to give "adm" and "wheel" read > > access to it, in addition to "systemd-journal" which owns > > the journal files. We recommend that packaging scripts also > > add read access to "adm" + "wheel" to /var/log/journal, and > > all existing/future journal files. To normal users and > > administrators little changes, however packagers need to > > ensure to create the "systemd-journal" system group at > > package installation time. > > I think the above was missed in the systemd 198-1 package.
Indeed, but I think this is something that we should add via a core/filesystem upgrade to avoid the dep on shadow. d
