Control: tags -1 + moreinfo unreproducible

On 09.08.19 at 08:15, Marc Haber wrote:
> I have not fully understood what happens here. I am monitoring my
> filesystems with aide, and sometimes get the following report:
>
> ---------------------------------------------------
> Changed entries:
> ---------------------------------------------------
>
> f ... . A. :
> /run/log/journal/8f018d505adf4ecaad2720811a888b04/system.journal
>
> ---------------------------------------------------
> Detailed information about changes:
> ---------------------------------------------------
>
> File: /run/log/journal/8f018d505adf4ecaad2720811a888b04/system.journal
> ACL : A: user::rw- | A: user::rw-
> A: group::r-- | A: group::r-x #effective:r--
> A: group:adm:r-- | A: group:adm:r-x
> #effective:r--
> A: mask::r-- | A: mask::r--
> A: other::--- | A: other::---
>
> This means that the system.journal has grown an x bit since the last
> aide run. This looks to me that the file gets created without the x bit,
> and then the x bit gets added at some later time.
>
> Since the file is not executable, the X bit should not be set in the
> first place. If it's necessary for some magic, then it should be set
> from the beginning.
>
> I am seeing this on more than just a few systems, also on buster and
> sid. I am reporting this from a stretch system just coincidentally, if
> you need information from a more modern system, please let me know.
>
> Can you shed some light on this please?

I have never seen this behaviour myself on the multitude of systems I run (laptop, servers, VM, containers) so I don't really have any idea.

What are the permissions/ACLs on /run/log/journal/8f018d505adf4ecaad2720811a888b04/?

Do you have any tmpfiles which reference files in /run/log?

Can you exclude that non-systemd components change the permissions?

-- 
Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
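
The AIDE report quoted in this thread marks the new group entries with `#effective:r--`, because the ACL mask limits what those entries grant. The following added example (not part of the original messages) compares the two ACL columns from that report, both as stored and after applying the mask; the entry lists are typed in from the report with the `A: ` prefix dropped, and the function names are hypothetical.

```python
# Constructed sample: old and new ACL columns from the AIDE report in this thread.
OLD_ACL = ["user::rw-", "group::r--", "group:adm:r--", "mask::r--", "other::---"]
NEW_ACL = ["user::rw-", "group::r-x", "group:adm:r-x", "mask::r--", "other::---"]


def parse_acl(entries):
    """Map (tag, qualifier) -> set of permission letters, e.g. ('group', 'adm') -> {'r'}."""
    acl = {}
    for entry in entries:
        tag, qualifier, perms = entry.split(":")
        if len(perms) != 3 or set(perms) - set("rwx-"):
            raise ValueError(f"unexpected permission field in {entry!r}")
        acl[(tag, qualifier)] = {p for p in perms if p != "-"}
    return acl


def effective(acl):
    """Apply the POSIX ACL mask. It limits named users, the owning group and
    named groups; the owner (user::) and other:: entries are not masked."""
    mask = acl.get(("mask", ""))
    result = {}
    for (tag, qualifier), perms in acl.items():
        if tag == "mask":
            continue
        masked = tag == "group" or (tag == "user" and qualifier != "")
        result[(tag, qualifier)] = perms & mask if masked and mask is not None else set(perms)
    return result


def compare(old_entries, new_entries):
    """Return (entries whose stored bits differ, entries whose effective bits differ)."""
    old, new = parse_acl(old_entries), parse_acl(new_entries)
    old_eff, new_eff = effective(old), effective(new)
    keys = sorted(set(old) | set(new))
    stored = [k for k in keys if old.get(k) != new.get(k)]
    eff = [k for k in keys if k[0] != "mask" and old_eff.get(k) != new_eff.get(k)]
    return stored, eff


if __name__ == "__main__":
    stored, eff = compare(OLD_ACL, NEW_ACL)
    print("stored entries changed:   ", stored)
    print("effective access changed: ", eff)
```

For the report above, the stored `group::` and `group:adm:` entries differ while the effective access list is empty, so the change AIDE flags is in the stored ACL entries only.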