FWIW, here are some relevant GitHub issues/Pull Requests: https://github.com/rsyslog/rsyslog-pkg-ubuntu/issues/61 https://github.com/rsyslog/rsyslog-pkg-ubuntu/pull/93
I made a few remarks on the PR as it looks like one of the paths is missing a leading slash. -----Original Message----- From: rsyslog <[email protected]> On Behalf Of Brian Candler via rsyslog Sent: Saturday, June 6, 2020 11:40 AM To: [email protected] Cc: Brian Candler <[email protected]> Subject: Re: [rsyslog] rsyslog Ubuntu ppa: permissions on /var/log On 27/04/2020 11:58, Brian Candler wrote: > > Just a small note. > > On a default Ubuntu 18.04 box with rsyslog-8.32.0, /var/log is owned > by root:syslog mode 775. > > After upgrading to rsyslog-8.2002.0 from the adiscon PPA > <https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable>, /var/log > is still owned root:syslog, but changes to mode 755. > > This means that the rsyslog daemon doesn't have permissions to create > new files under /var/log. This bit me on a scripted VM install, where > I'd replaced rsyslog with the adiscon version, *before* rsyslog had a > chance to create /var/log/syslog. > > Obviously it's easy enough to fix once you know the issue, but I just > thought it was worth a mention in case anyone falls into this trap. > Or perhaps you could consider changing the mode of /var/log in the > adiscon package to match the stock Ubuntu install. > FYI, Thanks to This stackexchange posting I found the underlying problem: https://unix.stackexchange.com/questions/377376/permissions-on-var-log-reset-on-boot (1) On a stock Ubuntu system, the rsyslog package contains a file /usr/lib/tmpfiles.d/00rsyslog.conf which sets the permissions correctly: $ cat /usr/lib/tmpfiles.d/00rsyslog.conf # Override systemd's default tmpfiles.d/var.conf to make /var/log writable by # the syslog group, so that rsyslog can run as user. # See tmpfiles.d(5) for details. # Type Path Mode UID GID Age Argument z /var/log 0775 root syslog - z /var/log/auth.log 0640 syslog adm - z /var/log/mail.err 0640 syslog adm - z /var/log/mail.log 0640 syslog adm - z /var/log/kern.log 0640 syslog adm - z /var/log/syslog 0640 syslog adm - d /var/spool/rsyslog 0700 syslog adm - $ dpkg-query -S /usr/lib/tmpfiles.d/00rsyslog.conf rsyslog: /usr/lib/tmpfiles.d/00rsyslog.conf (2) On a system where rsyslog has been installed from the Adiscon PPA, /usr/lib/tmpfiles.d/00rsyslog.conf does not exist. The permissions are instead set from a systemd default file: $ grep -R '/var/log ' /usr/lib/tmpfiles.d /usr/lib/tmpfiles.d/var.conf:d /var/log 0755 - - - $ dpkg-query -S /usr/lib/tmpfiles.d/var.conf systemd: /usr/lib/tmpfiles.d/var.conf This means even if you set the permissions correctly by hand, when you next reboot the system, the directory reverts to mode 755 - argh! Anyway, just thought you might like to know. If the Adison PPA is Ubuntu-specific (which it appears to be, e.g. "http://ppa.launchpad.net/adiscon/v8-stable/ubuntu bionic") then I think it would be helpful to include this file in your packages. Regards, Brian Candler. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT. _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
