logrotate skip the rotation of many files under /var/log due to bad group ownership

Status changed to 'Confirmed' because the bug affects multiple users.

This does not impact normal rotations (triggered by cron) as they use the top level file (/etc/logrotate.conf) that has this directive:

 # use the syslog group by default, since this is the owning group
 # of /var/log/syslog.
 su root syslog

Yesterday I upgraded rsyslog from 7.4.4-1ubuntu2 to 7.4.4-1ubuntu2.1 on two machines (logrotate was already at 3.8.7-1ubuntu1), & both of them gave me loads of "insecure permissions" in this morning's anacron output. What is the workaround --- fixing the su lines in the logrotate.conf files, or changing the ownership of the /var/log directories & files?

I had the same experience when upgrading rsyslog [rsyslog:amd64 (7.4.4-1ubuntu2, 7.4.4-1ubuntu2.1)]. I manually added:

 # use the syslog group by default, since this is the owning group
 # of /var/log/syslog.
 su root syslog

To top of the /etc/logrotate.conf, which resolved the problem.

Same problem here. Since I upgraded to Trusty Tahr syslog stopped rotating.
$ /var/log# ls -la syslog*
-rw-r----- 1 syslog adm 35897990 Sep 24 14:10 syslog
-rw-r----- 1 syslog adm 3083621 Aug 19 06:36 syslog.1
-rw-r----- 1 syslog adm 37647 Aug 18 06:43 syslog.2.gz
-rw-r----- 1 syslog adm 40009 Aug 17 06:42 syslog.3.gz
-rw-r----- 1 syslog adm 60140 Aug 16 06:39 syslog.4.gz
-rw-r----- 1 syslog adm 63035 Aug 15 06:38 syslog.5.gz
-rw-r----- 1 syslog adm 59387 Aug 14 06:40 syslog.6.gz
-rw-r----- 1 syslog adm 66224 Aug 13 06:30 syslog.7.gz

@Vinny: I have /etc/logrotate.conf as of 2014-01-22 containing:

# use the syslog group by default, since this is the owning group
# of /var/log/syslog.
su root syslog

Yet according to `find / -user syslog' and `find / -group syslog', I have no files with owning group syslog, I have log files with owning user syslog. /var/log/syslog's owning user/group is as posted by Alex Dicianu.

I've went through this problem just now. The changes described in #5 solved the problem for me as well.

The fix released in LP: #1258202 (logrotate version 3.8.6-1ubuntu2) adds those lines to the default logrotate.conf file, but I got some custom configs in mine and so I had to manually change it.

Of course it only works when it reads logrotate.conf, which I guess is not the case when you run this way:
 logrotate -df /etc/logrotate.d/rsyslog

Running either /etc/cron.daily/logrotate or "/usr/sbin/logrotate /etc/logrotate.conf" works fine. Maybe the config "su root syslog" should be the compile-time-default in Ubuntu so to avoid this situation. Don't know if it is possible.

Also, from what I understand reading man logrotate.conf, the "su root syslog" line only changes the user/group that the process of rotation will run as, which does not (necessarily) affect the owner and group of the log files: that is defined by the "create" directive (see the logrotate.conf man for that directive). That's why you don't see any files with group syslog, Uwe.

#8 is a good analysis... this change breaks manually running logrotate with a specific file as argument. It doesn't seem to affect automatic rotation due to the su line in /etc/logrotate.conf.

Seems that making root:syslog the default for all logrotate scripts would fix this behavior, as would reverting ownership of /var/log to root:root.

This is really annoying... the obvious fix is to revert the permissions and ownership of /var/log/ if possible.

But... why was the group changed? Anyone know?