I'm still digging into the specifics, but it looks like these files play a role in the permissions management of /var/log at boot time:
/usr/lib/tmpfiles.d/var.conf/usr/lib/tmpfiles.d/00rsyslog.conf
Ironically I found them when I ran grep -ri '/var/log' /var/log on an Ubuntu 16.04 box and saw this message:
./syslog.1:Jul 9 21:18:15 ubuntu-virtual-machine systemd-tmpfiles[616]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring.
I looked in that file and found this:
# This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # See tmpfiles.d(5) for details q /var 0755 - - - L /var/run - - - - ../run d /var/log 0755 - - - f /var/log/wtmp 0664 root utmp - f /var/log/btmp 0600 root utmp - d /var/cache 0755 - - - d /var/lib 0755 - - - d /var/spool 0755 - - -
I started tweaking the values for the d /var/log 0755 - - - line, but with no discernable change from my efforts I looked around further in that directory and found the /usr/lib/tmpfiles.d/00rsyslog.conf file.
In that file:
# Override systemd's default tmpfiles.d/var.conf to make /var/log writable by # the syslog group, so that rsyslog can run as user. # See tmpfiles.d(5) for details. # Type Path Mode UID GID Age Argument d /var/log 0775 root syslog -
root@ubuntu-virtual-machine:/usr/lib/tmpfiles.d# dpkg -S /usr/lib/tmpfiles.d/00rsyslog.conf
rsyslog: /usr/lib/tmpfiles.d/00rsyslog.conf
So the rsyslog package provides a conf include file that attempts to override the values set within the tmpfiles.d/var.conf conf file.
So, when I uninstall rsyslog then the the tmpfiles.d/var.conf conf file settings apply, in this case 0755.
I'll need to research further into whether tmpfiles.d is intended only for package maintainers or whether sysadmins also need to manages files within that area.
