I've set an extended file acl, through setfacl, granting a user read rights
to /var/log/messages. This works like a charm.
However, every time the file is rotated through logrotate the extended file
acl gets lost.
In /etc/logrotate.d/syslog the following is defined:

/var/log/warn /var/log/messages /var/log/allmessages /var/log/localmessages /var/log/firewall /var/log/acpid /var/log/NetworkManager {
    compress
    dateext
    maxage 365
    rotate 99
    missingok
    notifempty
    size +4096k
    create 640 root root
    sharedscripts
    postrotate
        /etc/init.d/syslog reload > /dev/null
    endscript
}

This tells logrotate to create a new file with permissions 640 with owner root:root.
I'm guessing this is what causes the extended acl to be dropped. As far as I know, logrotate
should keep the existing permissions of the file when creating the new one, or am I wrong?
What needs to be done to keep the existing config for how /var/log/messages is rotated while
keeping the extended acl permission as well?

Thanks
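
One way to keep the rotation settings above and still have the ACL on the new file, shown as an added example that is not part of the original post: re-apply the entry from the postrotate script. It assumes the installed logrotate does not carry ACLs over to the file it creates, and `loguser` is a hypothetical name standing in for the account that was granted read access.

```conf
# /etc/logrotate.d/syslog
# Added example: same stanza as in the post, with the ACL re-applied after rotation.
# "loguser" is a hypothetical account name; substitute the user given read access.
/var/log/warn /var/log/messages /var/log/allmessages /var/log/localmessages /var/log/firewall /var/log/acpid /var/log/NetworkManager {
    compress
    dateext
    maxage 365
    rotate 99
    missingok
    notifempty
    size +4096k
    create 640 root root
    sharedscripts
    postrotate
        /etc/init.d/syslog reload > /dev/null
        # "create 640 root root" has already made the fresh, ACL-free file by the
        # time postrotate runs. With sharedscripts this script runs once for the
        # whole group, so name the one file explicitly instead of widening access
        # to every log in the stanza.
        if [ -e /var/log/messages ]; then
            setfacl -m u:loguser:r /var/log/messages
        fi
    endscript
}
```

After the next rotation, `getfacl /var/log/messages` should list `user:loguser:r--` alongside the 640 root:root base permissions; the rotated and compressed copies are not touched by this script.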