If Permissions of newly created log files do not carry over the custom permissions of previously rotated logs, follow the steps below.
Set the permissions of files as needed before rotating them.
# chmod 644 /var/log/messages
cd to /var/log and confirm the change in permissions.
# ls -l /var/log/ | grep messages -rw-r--r--. 1 root root 11517 Mar 24 00:29 messages -rw-------. 1 root root 66795 Mar 21 14:26 messages-20170321 -rw-------. 1 root root 5829 Mar 22 09:18 messages-20170322 -rw-------. 1 root root 7480 Mar 23 10:01 messages-20170323
Restart rsyslog as follows.
# service rsyslog restart
Execute the following logrotate command to manually rotate the logs in /var/log.
# logrotate -f /etc/logrotate.conf
Ensure that the new log file inherits the permissions of the older logs and that the older logs have been rotated.
# ls -l /var/log/ | grep messages -rw-r--r--. 1 root root 146 Mar 24 00:30 messages -rw-------. 1 root root 66795 Mar 21 14:26 messages-20170321 -rw-------. 1 root root 5829 Mar 22 09:18 messages-20170322 -rw-------. 1 root root 7480 Mar 23 10:01 messages-20170323 -rw-r--r--. 1 root root 11517 Mar 24 00:29 messages-20170324
When modifying a log file’s permissions, rsyslog must be restarted for the modification to take effect when the log is rotated.
When run, Logrotate keeps the original file’s permissions intact. In the case of rsyslog, the default settings in /etc/logrotate.conf are carried over because the drop-in directory does not provide any rights.
The “create” option in /etc/logrotate.conf, which has no specified arguments, is the particular setting that permits the permissions to transfer over.