Rsyslog does not set read and write permission for group and everyone

Question

Rsyslog ignores read and write permission set with fileCreateMode for group and everyone.

I have set up a service to run my node application as such:

...
[Service]
WorkingDirectory=/opt/demo/app
User=appuser
Type=simple
ExecStart=/usr/bin/node myapp.js demo
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=myapp
...

Then I setup a myapp.conf file in /etc/rsyslog.d/ like this

if ($programname == 'myapp') then {
    action(
        type="omfile"
        File="/opt/demo/app/app.log"
        fileCreateMode="0640"
        fileOwner="appuser"
        fileGroup="mygroup"
    )
    stop
}

The log file gets created with the correct user and group but with 0600 permissions instead of 0640.

If I change fileCreateMode to 0777 then the file gets created with 0711.

I am using default rsyslog.conf, rsyslog version is 8.24.0-41, OS is CentOS 7.7

rsyslogd -N 1 does not throw any errors

You probably need to set the [umask](https://www.rsyslog.com/doc/v8-stable/configuration/global/options/rsconf1_umask.html). — meuh, Sep 18 '19 at 19:24
You are right. Setting $umask 0000 at the beginning of the conf file fixed my issue. — HomeIsWhereThePcIs, Sep 18 '19 at 19:36

score 4 · Accepted Answer · answered Jul 28 '20 at 14:11

4

If your rsyslogd is being started by systemd then your service definition, /usr/lib/systemd/system/rsyslog.service, probably contains a UMask restiction:

UMask=0066

This breaks any config in the rsyslogd.conf relating to masks and modes.

answered Jul 28 '20 at 14:11

st1710

56
2

so you just comment it out? – sarvesh.lad Jul 15 '21 at 15:18

Rsyslog does not set read and write permission for group and everyone

1 Answers1