Ok, I have a theory as to what is causing this bug and why it is hard to reproduce.
The /etc/logrotate.conf specifies "create" and later the logrotate.d/rsyslog lists a bunch of log files. The behavior of "create" is that it creates the new file copying the owner etc. from the existing file. However, this creates a window in rare cases where there is no existing log file for whatever reason, then the file is created with some default owner and group. The logrotate man page does not specify what the default is, but I'm guessing it's messagebus:adm given the large number of misc log files on my system with that mode. Unfortunately, once the file has the wrong mode, logrotate keeps patterning off it with each rotation, so you are stuck. One solution would be to specify "nocreate" in logrotate.d/rsyslog, so just don't rely on logrotate creating empty files. it seems easier to have rsyslog or whatever create the log files with the right mode etc, instead of having rsyslog do it 99.9% of the time, but logrotate the other 0.1% of the time and you have to keep them in sync. Or if creating empty log files at rotate time is important, use the create <owner> <group> option in logrotate.d/rsyslog to specify the right mode for the log files. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1059854 Title: auth.log is empty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1059854/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
