log files

Raymond Barber
I have a file called /var/log/secure. I have changed the permissions to 640; however, every morning it changes back to 644. I checked the logrotate config and that is also set at 640. What is the problem here?
Jason Carson, Computer Technician
Top Expert 2015

Commented:
Is there anything being run every morning via cron that could be causing it?
Distinguished Expert 2017

Commented:
Within logrotate, when it rotates, do you have it set the permissions to create the file? If not, the permissions are set when the first event is sent to syslog/rsyslog or ssh creates the file, at which point the umask setting, which is commonly 022, is what results in the new file's permission settings.
Have you given thought to setting the permission on the log to 751 or 750?
noci, Software Engineer
Distinguished Expert 2018

Commented:
@arnold, why would the x bit be needed? Do you like the files to be executable?
For files the default create mask = 666 with umask 022 => 644.

Setting umask to 026 in the startup script of the syslog daemon would solve the issue from that side.
Otherwise, explicitly creating the file from logrotate with touch, and then chmodding them to 640 BEFORE restarting the syslog daemon, may help as well.
Distinguished Expert 2017
Commented:
The x bit set I recommended is on the directory log (should have made it clearer using full path ....), not on the file.
logrotate has the create mode owner group file directive that is preferred to touch, since touch would follow umask rules.

i.e. create 0600 root group, which will create the file being rotated. Not sure why you would want to grant a group access to the /var/log/secure file?
Raymond Barber, Senior Linux Systems Engineer

Author

Commented:
Thanks Arnold. As a part of our global policy I need to have the file structure set this way. I am not a fan, just following the rules. Thanks for the feedback, much appreciated.
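
The umask and logrotate create behaviour discussed in this thread, as an added example that is not part of any participant's post. It shows which mode a newly created log file gets under a given umask and reads the create mode from the logrotate stanza covering a log path. The function names and the sample config are constructed for illustration, and stanzas are assumed not to contain braces inside postrotate scripts.

```shell
#!/bin/sh
# Added example (not from the thread): why /var/log/secure comes back as 644.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Mode a new log file gets when a process running under umask $1 creates it
# with the usual open(..., 0666), i.e. with no explicit mode being applied.
created_mode() {
    d=$(mktemp -d) || return 1
    ( umask "$1" && : > "$d/secure" )   # subshell: caller's umask is untouched
    mode_of "$d/secure"
    rm -rf "$d"
}

# Print MODE from the "create MODE owner group" directive in the stanza of
# logrotate config $1 that covers log path $2. Empty output means that stanza
# sets no explicit mode.
stanza_create_mode() {
    awk -v path="$2" '
        !inside { for (i = 1; i <= NF; i++) if ($i == path) hit = 1 }
        /[{]/   { inside = 1 }
        inside && hit && $1 == "create" && $2 ~ /^[0-7]+$/ { print $2; exit }
        /[}]/   { inside = 0; hit = 0 }
    ' "$1"
}

# Constructed sample config, used only for this demonstration.
conf=$(mktemp) || exit 1
cat > "$conf" <<'EOF'
/var/log/messages {
    weekly
}
/var/log/secure {
    weekly
    create 0640 root root
}
EOF

echo "created under umask 022: $(created_mode 022)"   # the 644 seen each morning
echo "created under umask 026: $(created_mode 026)"   # the 640 that policy wants
echo "secure stanza create mode:   '$(stanza_create_mode "$conf" /var/log/secure)'"
echo "messages stanza create mode: '$(stanza_create_mode "$conf" /var/log/messages)'"
rm -f "$conf"
```

Pointing stanza_create_mode at the real files under /etc/logrotate.d shows whether the stanza that covers /var/log/secure actually carries the 640 create mode.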
