Comment 7 for bug 149641

Ariel Faigon (ariel.faigon) wrote :

Apologies, but I have to correct/improve myself on the previous comment.
I have a feeling I was running an older version of logcheck.

If I run logcheck from cron with full path (certainly the Ubuntu version) like this:

        sudo -u logcheck /usr/sbin/logcheck -op
        (given that I add /usr/bin/logcheck to /etc/sudoers with NOPASSWD)

or alternatively:
        Add a setuid logcheck to /usr/sbin/logcheck:
               sudo chown logcheck /usr/sbin/logcheck
               chmod u+s /usr/sbin/logcheck

Then, the offset files get created/updated under:
        /var/lib/logcheck/offset.var.log.<filename>

and the 'touch/chown' fix (step 2 above) is not necessary.

It is all hairy, but overall, the setuid checklog, setgid adm looks like the cleanest solution.
What is required is for all of the 3 conditions to be true:

     - /usr/sbin/logcheck can read all its configs under /etc/logcheck/*/*
     - /usr/sbin/logtail can write offset files under /var/lib/logcheck/*
     - /usr/sbin/logtail can read files under /var/log (some of which are user:group root:adm and not world readable)

Sorry.
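
The three conditions listed in the comment above can be checked mechanically against owner, group and mode bits. The following is an added example, not part of the original comment or of logcheck itself; the numeric uid/gid values, the modes and the sample file names are constructed assumptions.

```python
import os
from collections import namedtuple

# One filesystem object: owner uid, group gid, permission bits.
Entry = namedtuple("Entry", "path uid gid mode")

def snapshot(paths):
    """Build Entry records from the live filesystem (for use on a real host)."""
    return [Entry(p, s.st_uid, s.st_gid, s.st_mode & 0o7777)
            for p, s in ((p, os.stat(p)) for p in paths)]

def allowed(e, uid, gids, want):
    """Classic Unix check: exactly one of owner/group/other applies.
    Ignores ACLs, capabilities and search permission on parent directories."""
    if uid == 0:
        return True
    bit = {"r": 4, "w": 2}[want]
    shift = 6 if e.uid == uid else 3 if e.gid in gids else 0
    return bool((e.mode >> shift) & bit)

def audit(configs, offset_dir, logs, uid, gids):
    """Return (condition, path) for each of the three conditions that fails."""
    bad = [("read config", e.path) for e in configs if not allowed(e, uid, gids, "r")]
    if not allowed(offset_dir, uid, gids, "w"):
        bad.append(("write offsets", offset_dir.path))
    bad += [("read log", e.path) for e in logs if not allowed(e, uid, gids, "r")]
    return bad

# Constructed sample data: numeric ids and modes are assumptions for illustration.
ROOT, ADM, LOGCHECK = 0, 4, 109
CONFIGS = [Entry("/etc/logcheck/ignore.d.server/example", ROOT, LOGCHECK, 0o640)]
OFFSET_DIR = Entry("/var/lib/logcheck", LOGCHECK, LOGCHECK, 0o755)
LOGS = [Entry("/var/log/syslog", ROOT, ADM, 0o640),
        Entry("/var/log/auth.log", ROOT, ADM, 0o640)]

if __name__ == "__main__":
    for label, uid, gids in [("logcheck + adm", LOGCHECK, {LOGCHECK, ADM}),
                             ("logcheck only", LOGCHECK, {LOGCHECK})]:
        print(label, audit(CONFIGS, OFFSET_DIR, LOGS, uid, gids) or "all three conditions hold")
```

On a real host, `snapshot()` can be fed the actual paths under `/etc/logcheck`, `/var/lib/logcheck` and `/var/log` in place of the constructed entries.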