Am 09.08.19 um 16:16 schrieb Michael Biebl: > Control: tags -1 + moreinfo unreproducible > > Am 09.08.19 um 08:15 schrieb Marc Haber: >> >> I have not fully understood what happens here. I am monitoring my >> filesystems with aide, and sometimes get the following report: >> >> --------------------------------------------------- >> Changed entries: >> --------------------------------------------------- >> >> f ... . A. : >> /run/log/journal/8f018d505adf4ecaad2720811a888b04/system.journal >> >> --------------------------------------------------- >> Detailed information about changes: >> --------------------------------------------------- >> >> File: /run/log/journal/8f018d505adf4ecaad2720811a888b04/system.journal >> ACL : A: user::rw- | A: user::rw- >> A: group::r-- | A: group::r-x >> #effective:r-- >> A: group:adm:r-- | A: group:adm:r-x >> #effective:r-- >> A: mask::r-- | A: mask::r-- >> A: other::--- | A: other::--- >> >> This means that the system.journal has grown an x bit since the last >> aide run. This looks to me that the file gets created without the x bit, >> and then the x bit gets added at some later time. >> >> Since the file is not executable, the X bit should not be set in the >> first place. If it's necessary for some magic, then it should be set >> from the beginning. >> >> I am seeing this on more than just a few systems, also on buster and >> sid. I am reporting this from a stretch system just coincidentally, if >> you need information from a more modern system, please let me know. >> >> Can you shed some light on this please? > > I have never seen this behaviour myself on the multitude of systems I > run (laptop, servers, VM, containers) so I don't really have any idea. > > What are the permissions /ACLs on > > /run/log/journal/8f018d505adf4ecaad2720811a888b04/ > > Do you have any tmpfiles which references files in /run/log ? > Can you exclude that non-systemd components change the permissions?
The only (slightly) relevant issues I found so far are https://github.com/systemd/systemd/issues/1977 but that concerns user journals only and only persistent journal Also fixed a long time ago. The second is https://github.com/systemd/systemd/commit/d428dd6ac9a56e7b3421fb8ef3aac9937a4a2e62 This is also fixed since v230 unless you have an outdated copy of system.conf installed in /etc which was not updated. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature