I took an alternative approach by having systemd run chmod after cloud-init starts, which avoid the need to otherwise touch cloud-init:
/etc/systemd/system/cloud-init-log-permissions.service
[Unit] Description=Correct cloud-init's logfile permissions
# We want to start *AFTER* cloud-init has opened its log files: After=cloud-init.service
# We want to restart any time cloud-init is restarted (requires RemainAfterExit below): PartOf=cloud-init.service
[Service] Type=oneshot RemainAfterExit=yes ExecStart=/usr/bin/chmod u=rw,g=r,o= /var/log/cloud-init.log /var/log/cloud-init-output.log
[Install] WantedBy=multi-user.target
I took an alternative approach by having systemd run chmod after cloud-init starts, which avoid the need to otherwise touch cloud-init:
/etc/systemd/ system/ cloud-init- log-permissions .service
[Unit]
Description=Correct cloud-init's logfile permissions
# We want to start *AFTER* cloud-init has opened its log files: init.service
After=cloud-
# We want to restart any time cloud-init is restarted (requires RemainAfterExit below): cloud-init. service
PartOf=
[Service] /usr/bin/ chmod u=rw,g=r,o= /var/log/ cloud-init. log /var/log/ cloud-init- output. log
Type=oneshot
RemainAfterExit=yes
ExecStart=
[Install] multi-user. target
WantedBy=