On Thu, Nov 10, 2016 at 11:21:15AM +0100, daniel curtis wrote: > $ ls -al /var/log/kern.log > -rw------- 1 root root 0 lis 9 11:44 /var/log/kern.log > > $ ls -al /var/log/kern.log.1 > -rw-r----- 1 syslog adm 1473399 lis 9 12:27 /var/log/kern.log.1 ## this > file can be opened by me > > $ ls -al /var/log/syslog > -rw------- 1 root root 0 lis 9 11:44 /var/log/syslog >
These are certainly strange modes. Have you installed any programs or tools that try to 'correct' security issues or enforce 'hardening' guidelines? I just checked a pristine 12.04 LTS system and found the following: -rw-r----- 1 syslog adm 38513 Nov 10 18:29 /var/log/kern.log -rw-r----- 1 syslog adm 44099 Nov 10 18:43 /var/log/syslog So 'chown syslog:adm /var/log/kern.log /var/log/syslog ; chmod 640 /var/log/kern.log /var/log/syslog' should fix your permissions. > > What should I do? Use chmod(1) command to set proper owners/permissions? If > yes - what is the proper command? And the last question: what could be > responsible for such situation? Could it be /etc/cron.daily/logrotate > profile? But how... It's possible that logrotate might have failed, in which case hopefully your dmesg or log files will include the DENIED lines involved. Thanks
signature.asc
Description: PGP signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
