With systemd, core dumps are now stored in the journal.
For now that's fine with me, except it seems I can't retrieve my core dumps as a regular user; only root seems to be able to make useful use of systemd-coredumpctl.
I did search the forum but only managed to find ways to stop systemd from storing dumps in the journal (like here for example).
What I am looking for is to make a proper use/configuration of systemd-coredumpctl that allows users to get access to the core they dump without root/sudoing.
Is there such a configuration or is the only way to revert to the "before systemd" behavior and avoid storing dumps in the journal?
I suspect if such a configuration exists it has to do with user right access to the journal, but I'm not sure about this (so have no idea how to do this :)
Thank you very much for any help!
If you are okay with using the sticky bit, you can use it to allow the binary to elevate its permissions. I'm not sure how safe this is, or what kinds of security risks may be brought about. If you are unfamiliar with this permission setting, a good example is the passwd command. You can use it to change the password of your own normal user, which is to be expected. But in order to do so, it has to write to the /etc/shadow file, which it cannot do unless it is root. So when it is run by a normal user it is allowed to elevate its permissions in order to write to this file.
Edit: I vaguely remember something like this being brought up on the systemd mailing list, but I cannot remember what, if anything, came of it.
Last edited by WonderWoofy (2013-06-02 03:00:51)
Thank you WonderWoofy,
I'm not that familiar with the sticky bit, although what you are talking about for the passwd command rather seems to have to do with the setuid/setgid thing, which I'm not very familiar with either, or perhaps it's just the same thing?
Anyway, I managed to retrieve my dumps as a regular user. As I thought access to the journal was the key, a look in /etc/group showed me that we now have a systemd-journal group.
Simply adding my user to this group gave him access to the journal, and I'm now able to dump the core stored in the journal as a regular user.
Could someone with a higher understanding of systemd than me confirm this is the way to go? (so I can mark the thread as solved)
Last edited by papadox (2013-06-02 04:55:56)
Ah so it does work without sudo for me... I guess something really did come of that thread on the mailing list.
A quick security side note about giving regular users access to the journal: it seems that users can retrieve their core dumps as well as any other core having been dumped by any process in the system.
If I'm not mistaken, this might lead to users being able to inspect dumps they were not supposed to see in the first place. I'm not sure this could grant them access to sensitive information, but if you're picky about your system security, I thought it was a point worth mentioning.
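
To check the exposure raised in the last post, this added example (not part of the thread) lists every account that belongs to the systemd-journal group, either as a listed member or through its primary GID. The account names and GIDs in the demo are constructed; the function reads /etc/group and /etc/passwd unless given other paths.

```shell
#!/bin/sh
# Added example (not from the thread): audit who can read the journal,
# and with it every stored core dump, via the systemd-journal group.

# journal_readers [GROUP_FILE] [PASSWD_FILE] [GROUP_NAME]
# Prints "user:primary" or "user:supplementary", one per line, sorted.
journal_readers() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    group_name=${3:-systemd-journal}

    awk -F: -v grp="$group_name" '
        # First file (group database): remember the GID and listed members.
        FNR == NR {
            if ($1 == grp) {
                gid = $3
                n = split($4, members, ",")
                for (i = 1; i <= n; i++)
                    if (members[i] != "") how[members[i]] = "supplementary"
            }
            next
        }
        # Second file (passwd): accounts whose primary GID is the group
        # never appear in the member list, so check them separately.
        gid != "" && $4 == gid { how[$1] = "primary" }
        END { for (u in how) print u ":" how[u] }
    ' "$group_file" "$passwd_file" | sort
}

# Demo on constructed sample files (made-up accounts and GIDs).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/group" <<'EOF'
root:x:0:
systemd-journal:x:190:alice,backup
users:x:100:guest
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0::/root:/bin/bash
alice:x:1000:100::/home/alice:/bin/bash
logsvc:x:990:190::/:/usr/bin/nologin
guest:x:1001:100::/home/guest:/bin/bash
EOF
    journal_readers "$dir/group" "$dir/passwd"
    rm -rf "$dir"
}

demo
```

On hosts that resolve accounts through NSS rather than local files, save the output of `getent group` and `getent passwd` to files and pass those paths instead.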