Linux: How to enforce specific permissions on newly created logs which are created by log rotate?

Solution 1:

logrotate has the create option:

create mode owner group

Immediately after rotation (before the postrotate script is run) the log file is created (with the same name as the log file just rotated). mode specifies the mode for the log file in octal (the same as chmod(2)), owner specifies the user name who will own the log file, and group specifies the group the log file will belong to. Any of the log file attributes may be omitted, in which case those attributes for the new file will use the same values as the original log file for the omitted attributes. This option can be disabled using the nocreate option.

More info with man logrotate.

Use it like so:

/var/log/maillog {
....
        create 664 user group
....
}

either in /etc/logrotate.conf or in a separate file in /etc/logrotate.d, and check that no other file already overrides this. How this is configured depends on your OS (e.g. on Ubuntu, this is handled in the rsyslog configuration).
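
To see which file and stanza each create directive comes from, and whether its mode leaves the new log readable or writable by everyone, the directives can be listed with a small script. This is an added example, not part of the original answer; the function names and the sample configuration are constructed for illustration, and it assumes one directive per line with the log path on the same line as the opening brace.

```sh
#!/bin/sh
# Added example: list every create/nocreate directive in the given logrotate
# files with the scope it applies to and a verdict on the mode's "other" bits.
audit_logrotate_create() {
    awk '
    BEGIN { OFS = "\t" }
    FNR == 1 { scope = "(global)" }        # each file starts outside any stanza
    { sub(/#.*/, "") }                     # strip comments
    /[{]/ {                                # stanza opens: remember its path(s)
        scope = $0
        sub(/[ \t]*[{].*/, "", scope); sub(/^[ \t]+/, "", scope)
    }
    $1 == "nocreate" { print FILENAME, scope, "-", "nocreate" }
    $1 == "create" {
        if ($2 !~ /^[0-7]+$/) {            # mode omitted: taken from the old log
            print FILENAME, scope, "-", "mode-inherited"
        } else {
            other = substr($2, length($2), 1) + 0   # last octal digit = "other"
            verdict = "ok"
            if (int(other / 4) % 2) verdict = "world-readable"
            if (int(other / 2) % 2) verdict = "world-writable"
            print FILENAME, scope, $2, verdict
        }
    }
    /[}]/ { scope = "(global)" }           # stanza closes
    ' "$@"
}

write_sample_conf() {   # constructed sample input, not a real system config
    cat > "$1" <<'EOF'
create 0640 root adm
/var/log/maillog {
    weekly
    create 664 user group
}
/var/log/app/*.log {
    create appuser appgroup
}
/var/log/tmp.log {
    nocreate
}
EOF
}

# Demo on the constructed sample; on a real host pass the files instead, e.g.
#   audit_logrotate_create /etc/logrotate.conf /etc/logrotate.d/*
tmp=$(mktemp) && write_sample_conf "$tmp" && audit_logrotate_create "$tmp"; rm -f "$tmp"
```

The script only reports what each file says; it does not follow include directives or resolve which setting logrotate finally applies.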