I've set an extended file acl, through setfacl, granting a user read rights
to /var/log/messages This works like a charm.
However every time the file is rotated through logrotate the extended file
acl gets lost.
In /etc/logrotate.d/syslog the following is defined;
This tells logrotate to create a new file with permissions 640 with owner root:root
I'm guessing this is what causes the extended acl to be dropped. As far I know logrotate
should keep the existing permissions of the file when creating the new one, or am I wrong?
What needs to be done to keep the existing config for how /var/log/messages is rotated while
keep the extended acl permission as well?