Log files permissions always changed to root

[mister_v]

Hi,

I regularly get the following error messages for clamav

Code: Select all

ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).

When I check the permission of the log dir:

Code: Select all

/var/log/clamav/
total 1300
-rw-r----- 1 root   root         0 Jul 14 03:10 clamd.log
-rw-r----- 1 root   root        20 Jun 16 03:10 clamd.log-20130623.gz
-rw-r----- 1 root   root        20 Jun 23 03:10 clamd.log-20130630.gz
-rw-r--r-- 1 clamav clamav      20 Jul  6 15:00 clamd.log-20130707.gz
-rw-r----- 1 root   root        20 Jul  7 03:19 clamd.log-20130714.gz
-rw-r----- 1 root   root         0 Jul 14 03:10 freshclam.log
-rw-r----- 1 root   root        20 Jun 16 03:10 freshclam.log-20130623.gz
-rw-r----- 1 root   root        20 Jun 23 03:10 freshclam.log-20130630.gz
-rw-r----- 1 root   root       523 Jul  6 14:59 freshclam.log-20130707.gz
-rw-r----- 1 root   root        20 Jul  7 03:19 freshclam.log-20130714.gz

Somehow when archiving the the fileowner get set to root and "breaks" the log files.

Anyone knows why?

[mister_v]

I can change the owner with chown to clamav.
It then works until the next time when the archiving happens.

[Chris]

It is probably logrotate that is not correctly configured.

In the config file /etc/logrotate.conf
You should have section like this:

Code: Select all

/var/log/clamav {
    monthly
    rotate 5
    compress
    create 0600 clamav clamav
}

You can run logrotate with:

Code: Select all

logrotate -v /etc/logrotate.conf