Hmmm.... is rsyslog failing to write things to files?

Apr 07 15:15:01 sochi rsyslogd[2023]: action 'action 6' suspended (module 
'builtin:omfile'), retry 0. There should be messages before this one giving the 
reason for suspension. [v8.32.0 try
Apr 07 15:15:01 sochi rsyslogd[2023]: action 'action 6' resumed (module 
'builtin:omfile') [v8.32.0 try ]

I see a lot of stuff like that from rsyslog.

syslog    2023  0.0  0.0 347096  5648 ?        Ssl  Apr06   0:08
/usr/sbin/rsyslogd -n

$ ls -latr auth.log
-rw-r----- 1 root adm 0 Jul 14  2014 auth.log

How can a syslog user write to a root owned file?

<insert mem gif of geometry confusion / does not compute>

$ sudo chown syslog:adm /var/log/auth.log; sudo systemctl restart

Seems to fix things for me, and auth.log is getting entries... My guess
is that /usr/lib/tmpfiles.d/00rsyslog.conf is incomplete? and that we
need to override more permissions in it?

In that case, it sounds like a bug in rsyslog, for not having right
permissions specified in tmpfiles.d?

** Changed in: rsyslog (Ubuntu Bionic)
   Importance: Undecided => Critical

** Changed in: systemd (Ubuntu Bionic)
   Importance: Critical => Medium

You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

  journald takes over /dev/log in bionic, impacts usability of syslog

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to