Running rsyslog in the foreground with debugging flags results in this sequence of messages:
2009.061284547:7f7636f81780: cnf:global:cfsysline: $PrivDropToUser syslog
2009.061356413:7f7636f81780: uid 101 obtained for user 'syslog'
2009.061373099:7f7636f81780: cnf:global:cfsysline: $PrivDropToGroup syslog
2009.061464895:7f7636f81780: gid 103 obtained for group 'syslog'
...
2009.173401545:7f763387f700: file '/var/log/syslog' opened as #-1 with mode 416
2009.173429557:7f763387f700: strm 0x7f762c000b70: open error 13, file '/var/log/syslog': Permission denied
As mentioned in other comments, possible workarounds are:
0. Touch (and ensure syslog:adm perm) on the file before the daemon starts
1. Make /var/log permissions more permissive (allowing adm to write to it).
I'm running into this as well.
On:
---
Description: Ubuntu 14.04 LTS
Release: 14.04
Codename: trusty
Running:
-------
rsyslog 7.4.4-1ubuntu2
/var/log permissions are: ------- ------- ------
-------
drwxrwxr-x 6 root root 4096 Apr 30 07:11 log
Running rsyslog in the foreground with debugging flags results in this sequence of messages:
2009.061284547: 7f7636f81780: cnf:global: cfsysline: $PrivDropToUser syslog 7f7636f81780: uid 101 obtained for user 'syslog' 7f7636f81780: cnf:global: cfsysline: $PrivDropToGroup syslog 7f7636f81780: gid 103 obtained for group 'syslog' 7f763387f700: file '/var/log/syslog' opened as #-1 with mode 416 7f763387f700: strm 0x7f762c000b70: open error 13, file '/var/log/syslog': Permission denied
2009.061356413:
2009.061373099:
2009.061464895:
...
2009.173401545:
2009.173429557:
As mentioned in other comments, possible workarounds are:
0. Touch (and ensure syslog:adm perm) on the file before the daemon starts
1. Make /var/log permissions more permissive (allowing adm to write to it).