Seems to fix things for me, and auth.log is getting entries... My guess is that /usr/lib/tmpfiles.d/00rsyslog.conf is incomplete? and that we need to override more permissions in it?
In that case, it sounds like a bug in rsyslog, for not having right permissions specified in tmpfiles.d?
Hmmm.... is rsyslog failing to write things to files?
Apr 07 15:15:01 sochi rsyslogd[2023]: action 'action 6' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.32.0 try http:// www.rsyslog. co www.rsyslog. com/e/2359 ]
Apr 07 15:15:01 sochi rsyslogd[2023]: action 'action 6' resumed (module 'builtin:omfile') [v8.32.0 try http://
I see a lot of stuff like that from rsyslog.
syslog 2023 0.0 0.0 347096 5648 ? Ssl Apr06 0:08 /usr/sbin/rsyslogd -n
$ ls -latr auth.log
-rw-r----- 1 root adm 0 Jul 14 2014 auth.log
How can a syslog user write to a root owned file?
<insert mem gif of geometry confusion / does not compute>
$ sudo chown syslog:adm /var/log/auth.log; sudo systemctl restart rsyslog
Seems to fix things for me, and auth.log is getting entries... My guess is that /usr/lib/ tmpfiles. d/00rsyslog. conf is incomplete? and that we need to override more permissions in it?
In that case, it sounds like a bug in rsyslog, for not having right permissions specified in tmpfiles.d?