How to change the default permissions of log files created by rsyslog?

The user wants to change the default permissions of the log file /var/log/messages to make it world-writeable. How can this be done using rsyslog?

 

Solution

 

The /etc/syslog.conf file is the configuration file for the syslogd daemon that tells the daemon where to send the log entries it receives. $FileCreateMode and $umask are the two relevant directives defined the the sryslog configuration file that can be utilized as many times as needed to configure permissions on rsyslog-created log files.

 

The default values of these parameter are:

  • $FileCreateMode 0644
  • $umask 0077

 

If the $umask directives are not present in a rsyslog configuration, all files will be created with 600 permissions, i.e. rw——-, regardless of the use of any $FileCreateMode directives.

 

Making /var/log/messages file world-writable

 

To make a log file world-readable, simply add a $umask 0022 directive immediately before the rule that creates the log file (and be sure to reset the umask after that rule). For example:

 

$umask 0022    # FileCreationMode defaults to 644, so does not need to be modified

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

$umask 0077  # Reset the umask so /var/log/secure stays 600

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

 

Troubleshooting

For simplicity’s sake, $umask can be completely ignored and file-permissions can be controlled entirely by the usage of $FileCreateMode. To go this route, set $umask 0000 at the beginning of rsyslog.conf and then use $FileCreateMode as required. If $umask is specified multiple times in the configuration file, results may be unpredictable. It is recommended to specify it only once.

 

Was this answer helpful? 0 Users Found This Useful (0 Votes)