On 2015-07-08 17:23:37 +0200, Christian Seiler wrote: > Are you sure you never used setfacl?
Yes, I'm sure. > Because your files have ACLs > (as seen by the + sign next to the mode), but systemd-journald by > default only uses normal permissions (at least under Jessie); FYI, I installed Jessie then upgraded to unstable. > unless you explicitly set ACLs on the directory, for example to > let members of the 'adm' group access the journal (see the > snippet in README.Debian I posted). There are ACL's on the directory, but I haven't set them. drwxr-sr-x+ 2 root systemd-journal 4096 2015-07-03 14:03:44 ./ > (Ok, technically it uses ACLs by default for the user-*.journal, > to grant each user access to their own journal, but not for > system.journal.) > > - What does 'getfacl system.journal' print? # file: system.journal # owner: root # group: root user::rw- group::r-- group:adm:r-x mask::r-x other::--- And for the directory: # file: . # owner: root # group: systemd-journal # flags: -s- user::rwx group::r-x group:adm:r-x mask::r-x other::r-x default:user::rwx default:group::r-x default:group:adm:r-x default:mask::r-x default:other::r-x > - Do you have any tmpfiles.d snippet installed that does > something to /var/log/journal? > > grep -r var/log/journal {/etc,/usr/lib}/tmpfiles.d /usr/lib/tmpfiles.d/systemd.conf:z /var/log/journal 2755 root systemd-journal - - /usr/lib/tmpfiles.d/systemd.conf:z /var/log/journal/%m 2755 root systemd-journal - - /usr/lib/tmpfiles.d/systemd.conf:a+ /var/log/journal/%m - - - - d:group:adm:r-x /usr/lib/tmpfiles.d/systemd.conf:A+ /var/log/journal/%m - - - - group:adm:r-x > Should only print systemd.conf with two 'z' (i.e. > non-recursive) entries for /var/log/journal and > /var/log/journal/%m. Well, this is not the case. And the file comes from systemd. > - Do you have any cron job or init script or systemd > service installed that plays around with file modes? No. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150708221735.ga1...@zira.vinc17.org