On 27/04/2020 11:58, Brian Candler wrote:
Just a small note.
On a default Ubuntu 18.04 box with rsyslog-8.32.0, /var/log is owned
by root:syslog mode 775.
After upgrading to rsyslog-8.2002.0 from the adiscon PPA
<https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable>, /var/log
is still owned root:syslog, but changes to mode 755.
This means that the rsyslog daemon doesn't have permissions to create
new files under /var/log. This bit me on a scripted VM install, where
I'd replaced rsyslog with the adiscon version, *before* rsyslog had a
chance to create /var/log/syslog.
Obviously it's easy enough to fix once you know the issue, but I just
thought it was worth a mention in case anyone falls into this trap.
Or perhaps you could consider changing the mode of /var/log in the
adiscon package to match the stock Ubuntu install.
FYI,
Thanks to This stackexchange posting I found the underlying problem:
https://unix.stackexchange.com/questions/377376/permissions-on-var-log-reset-on-boot
(1) On a stock Ubuntu system, the rsyslog package contains a file
/usr/lib/tmpfiles.d/00rsyslog.conf which sets the permissions correctly:
$ cat /usr/lib/tmpfiles.d/00rsyslog.conf
# Override systemd's default tmpfiles.d/var.conf to make /var/log
writable by
# the syslog group, so that rsyslog can run as user.
# See tmpfiles.d(5) for details.
# Type Path Mode UID GID Age Argument
z /var/log 0775 root syslog -
z /var/log/auth.log 0640 syslog adm -
z /var/log/mail.err 0640 syslog adm -
z /var/log/mail.log 0640 syslog adm -
z /var/log/kern.log 0640 syslog adm -
z /var/log/syslog 0640 syslog adm -
d /var/spool/rsyslog 0700 syslog adm -
$ dpkg-query -S /usr/lib/tmpfiles.d/00rsyslog.conf
rsyslog: /usr/lib/tmpfiles.d/00rsyslog.conf
(2) On a system where rsyslog has been installed from the Adiscon PPA,
/usr/lib/tmpfiles.d/00rsyslog.conf does not exist. The permissions are
instead set from a systemd default file:
$ grep -R '/var/log ' /usr/lib/tmpfiles.d
/usr/lib/tmpfiles.d/var.conf:d /var/log 0755 - - -
$ dpkg-query -S /usr/lib/tmpfiles.d/var.conf
systemd: /usr/lib/tmpfiles.d/var.conf
This means even if you set the permissions correctly by hand, when you
next reboot the system, the directory reverts to mode 755 - argh!
Anyway, just thought you might like to know. If the Adison PPA is
Ubuntu-specific (which it appears to be, e.g.
"http://ppa.launchpad.net/adiscon/v8-stable/ubuntu bionic") then I think
it would be helpful to include this file in your packages.
Regards,
Brian Candler.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
