ansible/common: adjust permissions on /var/log/journal; r?dividehex
By convention on CentOS 7, the systemd-journal group is used to grant
access to the journal.
This commit modifies the group owner of /var/log/journal to that
group and sets the setgid bit so sub-directories inherit group
ownership. This will allow users in the systemd-journal group to
read files therein.
MozReview-Commit-ID: HE34q0RPOZd
--- a/ansible/roles/common/tasks/journald.yml
+++ b/ansible/roles/common/tasks/journald.yml
@@ -2,10 +2,10 @@
# By default, journald.conf uses Storage=auto. Without a /var/log/journal
# file, journald logs aren't persisted to disk. If the directory exists,
# the logs are persisted.
- name: create /var/log/journal
file: path=/var/log/journal
state=directory
owner=root
- group=root
- mode=0755
+ group=systemd-journal
+ mode=2755