From 1ba983e0be490dbff1085e8f0c6fe2af1d4290e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 16 Feb 2022 18:10:16 +0100 Subject: [PATCH] Specify owner of /var/log/journal as root in the rpm listing $ rpm -qlv systemd |grep -v 'root root' -rw-rw-r-- 1 root utmp 0 Jan 22 03:38 /run/utmp -rw-rw---- 1 root utmp 0 Jan 22 03:38 /var/log/btmp -rw-rw-r-- 1 root utmp 0 Jan 22 03:38 /var/log/lastlog -rw-rw-r-- 1 root utmp 0 Jan 22 03:38 /var/log/wtmp drwxr-sr-x 2 root systemd- 0 Jan 22 03:38 /var/log/journal During installation rpm would log an error that systemd-journal group is unknown. We create all our users by calling sysusers in the %post scriptlet, but that is too late. To avoid the warning we could either add a %pre scriptlet, but that'd require adding a dependency on shadow-utils for groupadd, since we can't use our own tools before we are installed. Let's instead create the directory owned by root.root, and change the group afterwards. The group ownership is for file ownership, and in the worst case (we don't assign the group or set mode +s), unprivileged users will not be able to read the logs. We also use 'utmp' group, but that is provided by setup.rpm and is not an issue. https://bugzilla.redhat.com/show_bug.cgi?id=2018913#c24 --- systemd.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/systemd.spec b/systemd.spec index f126eec..61cc101 100644 --- a/systemd.spec +++ b/systemd.spec @@ -715,7 +715,7 @@ python3 %{SOURCE2} %buildroot < - 250.3-3 - Drop scriptlet for handling nobody user upgrades from Fedora <28 +- Specify owner of /var/log/journal as root in the rpm listing (#2018913) * Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek - 250.3-3 - Add pam_namespace to systemd-user pam config (rhbz#2053098)
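Review bot: In the hunk at `@@ -715,7 +715,7 @@` (the file list passed to `python3 %{SOURCE2} %buildroot`), nothing documents which step later gives /var/log/journal back its `systemd-journal` group. The commit message says the group is changed "afterwards", but the diffstat is 2 insertions and 1 deletion, and one of the insertions is the changelog line, so the patch itself adds no step that does it. Please add a spec comment beside the /var/log/journal entry naming the mechanism that is expected to restore the group and the setgid bit shown in the `rpm -qlv` output (`drwxr-sr-x`). The message itself notes that unprivileged users cannot read the logs if that step does not happen, so the fallback is safe, but a missed step would otherwise go unnoticed. If the listing now records root as the group, also check that package verification will not report the directory as modified once the group has been switched. The changelog line would be more consistent written as `(rhbz#2018913)`, matching the `rhbz#2053098` form in the entry below it.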