Comment 78 for bug 407862

On Sep 07, 2011, at 09:43 PM, Nikolaus Rath wrote:

>On 09/07/2011 02:16 PM, Barry Warsaw wrote:
>> At this point, what is the ownership and permissions on /var/log/syslog?
>
># ls -l /var/log/syslog
>-rw-rw-r-- 1 root adm 0 2011-09-07 10:11 /var/log/syslog

So the core problem here is that after logrotate, your /var/log/syslog is
owned by root instead of syslog.

>I've attached my logrotate.conf in case it matters.

Actually, it does! I'm sorry, I should have asked for a copy of that a long
time ago. :/ FWIW, I can reproduce the problem with your logrotate.conf
file.

Take a look at line 18:

-----snip snip-----
create 664 root adm
-----snip snip-----

From the manpage:

       create mode owner group
              Immediately after rotation (before the postrotate script is
              run) the log file is created (with the same name as the log
              file just rotated). mode specifies the mode for the log file
              in octal (the same as chmod(2)), owner specifies the user name
              who will own the log file, and group specifies the group the
              log file will belong to. Any of the log file attributes may be
              omitted, in which case those attributes for the new file will
              use the same values as the original log file for the omitted
              attributes. This option can be disabled using the nocreate
              option.

So, you're forcing all the new log files to be owned by root:adm, which breaks
rsyslogd. I'll bet that changing that line to just `create` will fix your
problem.

Now, here's a question: did you modify that line yourself, or did that come
with the package? My Lucid system just has `create` on a line by itself, so
I'm guessing you added that. If not, then is this machine updated from an
earlier version of Ubuntu? I think rsyslog 4.2.0-2ubuntu8.1 (which is what I
also have on my Lucid system) does not have that line in it.

In any case, I'm going to mark this bug as invalid, because I think we've
narrowed it down enough to know it's not a bug in rsyslog. Depending on your
response, we might need to open a new bug on logrotate.

Thanks so much for the excellent feedback!