Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#805617: systemd: journalctl --system as user: "No journal files were found"
234 views
Skip to first unread message
Andreas Krüger
Nov 20, 2015, 5:30:03 AM11/20/15
to
Package: systemd
Version: 215-17+deb8u2
Severity: normal
Dear maintainers,
summary: Permission problem with files created
below /var/log/journal, systemd-journal group
cannot read.
Details:
On this Jessie system, as a user that's a member
of the systemd-journal group, I run some
`journalctl --system ...` command and get
the error message `No journal files were found.`.
This is not the behaviour I expect,
as, according to the journalctl manual page,
> ... users who are members of the "systemd-journal"
> group get access to the system journal ...
Doing the same command as root produces the expected output.
This seems to be a permission problem regarding the
files in /var/log/journal (which exists on my machine).
Temporary workaround:
As root, I navigate to /var/log/journal and execute
chgrp systemd-journal */*
Afterwards, the user can run `journalctl --system ...` and get
the expected output.
This workaround will not help in the long run,
as new directories or files are created below /var/log/journal.
Regards, and thank you for providing fine software,
Andreas
-- Package-specific info:
-- System Information:
Debian Release: 8.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages systemd depends on:
ii acl 2.2.52-2
ii adduser 3.113+nmu3
ii initscripts 2.88dsf-59
ii libacl1 2.2.52-2
ii libaudit1 1:2.4-1+b1
ii libblkid1 2.25.2-6
ii libc6 2.19-18+deb8u1
ii libcap2 1:2.24-8
ii libcap2-bin 1:2.24-8
ii libcryptsetup4 2:1.6.6-5
ii libgcrypt20 1.6.3-2
ii libkmod2 18-3
ii liblzma5 5.1.1alpha+20120614-2+b3
ii libpam0g 1.1.8-3.1
ii libselinux1 2.3-2
ii libsystemd0 215-17+deb8u2
ii mount 2.25.2-6
ii sysv-rc 2.88dsf-59
ii udev 215-17+deb8u2
ii util-linux 2.25.2-6
Versions of packages systemd recommends:
ii dbus 1.8.20-0+deb8u1
ii libpam-systemd 215-17+deb8u2
Versions of packages systemd suggests:
ii systemd-ui 3-2
-- Configuration Files:
/etc/systemd/journald.conf changed:
[Journal]
ForwardToSyslog=no
-- no debconf information
Version: 215-17+deb8u2
Severity: normal
Dear maintainers,
summary: Permission problem with files created
below /var/log/journal, systemd-journal group
cannot read.
Details:
On this Jessie system, as a user that's a member
of the systemd-journal group, I run some
`journalctl --system ...` command and get
the error message `No journal files were found.`.
This is not the behaviour I expect,
as, according to the journalctl manual page,
> ... users who are members of the "systemd-journal"
> group get access to the system journal ...
Doing the same command as root produces the expected output.
This seems to be a permission problem regarding the
files in /var/log/journal (which exists on my machine).
Temporary workaround:
As root, I navigate to /var/log/journal and execute
chgrp systemd-journal */*
Afterwards, the user can run `journalctl --system ...` and get
the expected output.
This workaround will not help in the long run,
as new directories or files are created below /var/log/journal.
Regards, and thank you for providing fine software,
Andreas
-- Package-specific info:
-- System Information:
Debian Release: 8.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages systemd depends on:
ii acl 2.2.52-2
ii adduser 3.113+nmu3
ii initscripts 2.88dsf-59
ii libacl1 2.2.52-2
ii libaudit1 1:2.4-1+b1
ii libblkid1 2.25.2-6
ii libc6 2.19-18+deb8u1
ii libcap2 1:2.24-8
ii libcap2-bin 1:2.24-8
ii libcryptsetup4 2:1.6.6-5
ii libgcrypt20 1.6.3-2
ii libkmod2 18-3
ii liblzma5 5.1.1alpha+20120614-2+b3
ii libpam0g 1.1.8-3.1
ii libselinux1 2.3-2
ii libsystemd0 215-17+deb8u2
ii mount 2.25.2-6
ii sysv-rc 2.88dsf-59
ii udev 215-17+deb8u2
ii util-linux 2.25.2-6
Versions of packages systemd recommends:
ii dbus 1.8.20-0+deb8u1
ii libpam-systemd 215-17+deb8u2
Versions of packages systemd suggests:
ii systemd-ui 3-2
-- Configuration Files:
/etc/systemd/journald.conf changed:
[Journal]
ForwardToSyslog=no
-- no debconf information
Michael Biebl
Nov 20, 2015, 7:00:02 AM11/20/15
to
Am 20.11.2015 um 10:44 schrieb Andreas Krüger:
> Package: systemd
> Version: 215-17+deb8u2
> Severity: normal
>
> Dear maintainers,
>
> summary: Permission problem with files created
> below /var/log/journal, systemd-journal group
> cannot read.
>
> Details:
>
> On this Jessie system, as a user that's a member
> of the systemd-journal group, I run some
> `journalctl --system ...` command and get
> the error message `No journal files were found.`.
>
> This is not the behaviour I expect,
> as, according to the journalctl manual page,
>
>> ... users who are members of the "systemd-journal"
>> group get access to the system journal ...
>
> Doing the same command as root produces the expected output.
>
> This seems to be a permission problem regarding the
> files in /var/log/journal (which exists on my machine).
How exactly did you create the /var/log/journal directory?
> Package: systemd
> Version: 215-17+deb8u2
> Severity: normal
>
> Dear maintainers,
>
> summary: Permission problem with files created
> below /var/log/journal, systemd-journal group
> cannot read.
>
> Details:
>
> On this Jessie system, as a user that's a member
> of the systemd-journal group, I run some
> `journalctl --system ...` command and get
> the error message `No journal files were found.`.
>
> This is not the behaviour I expect,
> as, according to the journalctl manual page,
>
>> ... users who are members of the "systemd-journal"
>> group get access to the system journal ...
>
> Doing the same command as root produces the expected output.
>
> This seems to be a permission problem regarding the
> files in /var/log/journal (which exists on my machine).
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Michael Biebl
Nov 20, 2015, 9:30:03 AM11/20/15
to
Am 20.11.2015 um 12:52 schrieb Michael Biebl:
>
>
> How exactly did you create the /var/log/journal directory?
Fwiw, I will clarify the documentation in /usr/share/doc/README.Debian,
that the /var/log/journal directory should be created 2755
root:systemd-journal
The set-group ID ensures that newly created directories and files under
/var/log/journal are owned by root:systemd-journal.
Andreas Krüger
Nov 21, 2015, 8:10:02 AM11/21/15
to
Hello, Michael,
my source of information on the creation of /var/log/journal had been
the systemd-journald man page:
> By default, the journal stores log data in /run/log/journal/. Since
> /run/ is volatile, log data is lost at reboot. To make the data
> persistent, it is sufficient to create /var/log/journal/ where
> systemd-journald will then store the data.
Reading that, I had done a simple `mkdir /var/log/journal` as root
and left it at that.
> Fwiw, I will clarify the documentation in /usr/share/doc/README.Debian,
Fine! Could you please also augment the systemd-journald manual page?
Regards, and thank you for providing fine software
Andreas
my source of information on the creation of /var/log/journal had been
the systemd-journald man page:
> By default, the journal stores log data in /run/log/journal/. Since
> /run/ is volatile, log data is lost at reboot. To make the data
> persistent, it is sufficient to create /var/log/journal/ where
> systemd-journald will then store the data.
Reading that, I had done a simple `mkdir /var/log/journal` as root
and left it at that.
> Fwiw, I will clarify the documentation in /usr/share/doc/README.Debian,
Regards, and thank you for providing fine software
Andreas Krüger
Nov 21, 2015, 9:00:03 AM11/21/15
to
Hello, Michael,
you asked:
> Can you also send us the output of
> ls -la /var/log/journal
I'm not sure this is still needed, but I'll leave that for you to
decide. The following is after my initial workaround, no additional
change beyond that.
In passing: It strikes me as somewhat inconsequential that the
software produces fine-tuned ACL, but I as the admin I have to
remember to set the g+s bit on the directory for that ACL to do any
good. That's not a big issue, though.
Regards, Andreas
> Script started on Sa 21 Nov 2015 13:20:11 CET
> root@falcon:~
> # ls -laR /var/log/journal/
> /var/log/journal/:
> insgesamt 20
> drwxr-xr-x 3 root root 4096 Nov 9 16:49 .
> drwxr-xr-x 17 root root 12288 Nov 20 11:37 ..
> drwxr-xr-x 2 root root 4096 Nov 11 13:08 a40db01e5f2643f68bc99238f1b07903
>
> /var/log/journal/a40db01e5f2643f68bc99238f1b07903:
> insgesamt 311328
> drwxr-xr-x 2 root root 4096 Nov 11 13:08 .
> drwxr-xr-x 3 root root 4096 Nov 9 16:49 ..
> -rw-r----- 1 root systemd-journal 134217728 Nov 11 13:08
sys...@e41bf2c7805949d5aded2b24d60f8cef-0000000000000001-000522a3bb30b625.journal
> -rw-r----- 1 root systemd-journal 92274688 Nov 21 13:20 system.journal
> -rw-r-----+ 1 root systemd-journal 8388608 Nov 11 13:08
user...@5903d660b88f444d884298a8dc4324c1-000000000001d6d8-0005241dac321f96.journal
> -rw-r-----+ 1 root systemd-journal 25165824 Nov 21 13:15 user-1000.journal
> -rw-r-----+ 1 root systemd-journal 8388608 Nov 11 13:08
user...@09ef76898b3844bda80636b8d1ab57b0-000000000001d6d4-0005241daa1d6d25.journal
> -rw-r-----+ 1 root systemd-journal 33554432 Nov 21 13:15 user-1001.journal
> -rw-r-----+ 1 root systemd-journal 8388608 Nov 11 13:08
user-...@4bc5536f47f44143b0418cdf0391a240-000000000001dc3e-0005241dec12aa4e.journal
> -rw-r-----+ 1 root systemd-journal 8388608 Nov 18 10:04 user-65534.journal
> root@falcon:~
> # getfacl -R /var/log/journal/
> getfacl: Entferne führende '/' von absoluten Pfadnamen
> # file: var/log/journal/
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
>
> # file: var/log/journal//a40db01e5f2643f68bc99238f1b07903
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
>
> # file:
var/log/journal//a40db01e5f2643f68bc99238f1b07903/user-...@4bc5536f47f44143b0418cdf0391a240-000000000001dc3e-0005241dec12aa4e.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> user:nobody:r--
> group::r--
> mask::r--
> other::---
>
> # file: var/log/journal//a40db01e5f2643f68bc99238f1b07903/system.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> group::r--
> other::---
>
> # file:
var/log/journal//a40db01e5f2643f68bc99238f1b07903/user...@09ef76898b3844bda80636b8d1ab57b0-000000000001d6d4-0005241daa1d6d25.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> user:andreas:r--
> group::r--
> mask::r--
> other::---
>
> # file:
var/log/journal//a40db01e5f2643f68bc99238f1b07903/sys...@e41bf2c7805949d5aded2b24d60f8cef-0000000000000001-000522a3bb30b625.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> group::r--
> other::---
>
> # file: var/log/journal//a40db01e5f2643f68bc99238f1b07903/user-65534.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> user:nobody:r--
> group::r--
> mask::r--
> other::---
>
> # file: var/log/journal//a40db01e5f2643f68bc99238f1b07903/user-1001.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> user:andreas:r--
> group::r--
> mask::r--
> other::---
>
> # file: var/log/journal//a40db01e5f2643f68bc99238f1b07903/user-1000.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> user:andreask:r--
> group::r--
> mask::r--
> other::---
>
> # file:
var/log/journal//a40db01e5f2643f68bc99238f1b07903/user...@5903d660b88f444d884298a8dc4324c1-000000000001d6d8-0005241dac321f96.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> user:andreask:r--
> group::r--
> mask::r--
> other::---
>
> root@falcon:~
> # exit
>
> Script done on Sa 21 Nov 2015 13:20:42 CET
you asked:
> Can you also send us the output of
> ls -la /var/log/journal
decide. The following is after my initial workaround, no additional
change beyond that.
In passing: It strikes me as somewhat inconsequential that the
software produces fine-tuned ACL, but I as the admin I have to
remember to set the g+s bit on the directory for that ACL to do any
good. That's not a big issue, though.
Regards, Andreas
> Script started on Sa 21 Nov 2015 13:20:11 CET
> root@falcon:~
> # ls -laR /var/log/journal/
> /var/log/journal/:
> insgesamt 20
> drwxr-xr-x 3 root root 4096 Nov 9 16:49 .
> drwxr-xr-x 17 root root 12288 Nov 20 11:37 ..
> drwxr-xr-x 2 root root 4096 Nov 11 13:08 a40db01e5f2643f68bc99238f1b07903
>
> /var/log/journal/a40db01e5f2643f68bc99238f1b07903:
> insgesamt 311328
> drwxr-xr-x 2 root root 4096 Nov 11 13:08 .
> drwxr-xr-x 3 root root 4096 Nov 9 16:49 ..
> -rw-r----- 1 root systemd-journal 134217728 Nov 11 13:08
sys...@e41bf2c7805949d5aded2b24d60f8cef-0000000000000001-000522a3bb30b625.journal
> -rw-r----- 1 root systemd-journal 92274688 Nov 21 13:20 system.journal
> -rw-r-----+ 1 root systemd-journal 8388608 Nov 11 13:08
user...@5903d660b88f444d884298a8dc4324c1-000000000001d6d8-0005241dac321f96.journal
> -rw-r-----+ 1 root systemd-journal 25165824 Nov 21 13:15 user-1000.journal
> -rw-r-----+ 1 root systemd-journal 8388608 Nov 11 13:08
user...@09ef76898b3844bda80636b8d1ab57b0-000000000001d6d4-0005241daa1d6d25.journal
> -rw-r-----+ 1 root systemd-journal 33554432 Nov 21 13:15 user-1001.journal
> -rw-r-----+ 1 root systemd-journal 8388608 Nov 11 13:08
user-...@4bc5536f47f44143b0418cdf0391a240-000000000001dc3e-0005241dec12aa4e.journal
> -rw-r-----+ 1 root systemd-journal 8388608 Nov 18 10:04 user-65534.journal
> root@falcon:~
> # getfacl -R /var/log/journal/
> getfacl: Entferne führende '/' von absoluten Pfadnamen
> # file: var/log/journal/
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
>
> # file: var/log/journal//a40db01e5f2643f68bc99238f1b07903
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
>
> # file:
var/log/journal//a40db01e5f2643f68bc99238f1b07903/user-...@4bc5536f47f44143b0418cdf0391a240-000000000001dc3e-0005241dec12aa4e.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> user:nobody:r--
> group::r--
> mask::r--
> other::---
>
> # file: var/log/journal//a40db01e5f2643f68bc99238f1b07903/system.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> group::r--
> other::---
>
> # file:
var/log/journal//a40db01e5f2643f68bc99238f1b07903/user...@09ef76898b3844bda80636b8d1ab57b0-000000000001d6d4-0005241daa1d6d25.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> user:andreas:r--
> group::r--
> mask::r--
> other::---
>
> # file:
var/log/journal//a40db01e5f2643f68bc99238f1b07903/sys...@e41bf2c7805949d5aded2b24d60f8cef-0000000000000001-000522a3bb30b625.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> group::r--
> other::---
>
> # file: var/log/journal//a40db01e5f2643f68bc99238f1b07903/user-65534.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> user:nobody:r--
> group::r--
> mask::r--
> other::---
>
> # file: var/log/journal//a40db01e5f2643f68bc99238f1b07903/user-1001.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> user:andreas:r--
> group::r--
> mask::r--
> other::---
>
> # file: var/log/journal//a40db01e5f2643f68bc99238f1b07903/user-1000.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> user:andreask:r--
> group::r--
> mask::r--
> other::---
>
> # file:
var/log/journal//a40db01e5f2643f68bc99238f1b07903/user...@5903d660b88f444d884298a8dc4324c1-000000000001d6d8-0005241dac321f96.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> user:andreask:r--
> group::r--
> mask::r--
> other::---
>
> root@falcon:~
> # exit
>
> Script done on Sa 21 Nov 2015 13:20:42 CET
0 new messages