It seems that several log files on Ubuntu Server are owned by the user messagebus, but that user is not the right one. According to this documentation for dropping privileges in rsyslog, the following lines in the /etc/rsyslog.conf config file define the user and group that rsyslog switches to after startup:
$PrivDropToUser syslog
$PrivDropToGroup syslog
As you can see, the log files mentioned before should be owned by the syslog user.
As indicated here by Dan Ballard, first we need to list all files that have the incorrect owner using:
ls -l /var/log/ | grep messagebus
The previous command shows this output:
-rw-r----- 1 messagebus adm 0 oct 22 2012 kern.log
-rw-r----- 1 messagebus adm 0 oct 22 2012 mail.err
-rw-r----- 1 messagebus adm 0 oct 22 2012 mail.log
-rw-r----- 1 messagebus adm 0 mar 13 06:26 syslog
-rw-r----- 1 messagebus adm 0 oct 22 2012 ufw.log
Finally, Mr. Ballard says that you just go and delete those files and restart syslog, but be careful with the rm command, OK?
Use something like this to delete your log files:
sudo rm -vi /var/log/syslog
And this to restart syslog:
sudo service rsyslog restart
In my case I prefer not to delete those files but just change their owner using:
sudo chown syslog:syslog /var/log/syslog
sudo chown syslog:syslog /var/log/kern.log
sudo chown syslog:syslog /var/log/mail.err
sudo chown syslog:syslog /var/log/mail.log
sudo chown syslog:syslog /var/log/ufw.log
WARNING: Don't try to change the owner of all files under /var/log, because some of them may need to be owned by another user.
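A report-only version of the check above, added here as an example and not taken from the original post or from rsyslog: it reads the privilege-drop user and group from the config and prints, without running it, a chown command for each top-level file owned by the suspect user. The function names are hypothetical and it assumes GNU find.

```shell
#!/bin/sh
# Added example: nothing here changes ownership. It only prints
# chown commands so they can be reviewed one by one before use.

# Print the value of a legacy rsyslog directive such as $PrivDropToUser.
# $1 = directive name without the leading "$", $2 = config file.
# Fails (status 1) if the directive is absent or commented out.
rsyslog_directive() {
    awk -v key="\$$1" '$1 == key { val = $2 }
        END { if (val == "") exit 1; print val }' "$2"
}

# Read "owner path" lines on stdin (the format produced by
# find -printf '%u %p\n') and print a proposed chown for every file
# owned by the suspect user. Files owned by anyone else are skipped,
# since some logs legitimately belong to other users.
# $1 = suspect owner, $2 = expected user, $3 = expected group.
propose_chown() {
    while read -r owner path; do
        [ "$owner" = "$1" ] && printf 'chown %s:%s %s\n' "$2" "$3" "$path"
    done
    return 0
}

# Audit the top level of a log directory, like the ls in the post.
# $1 = directory, $2 = rsyslog config file, $3 = suspect owner.
audit_log_dir() {
    user=$(rsyslog_directive PrivDropToUser "$2") || return 1
    group=$(rsyslog_directive PrivDropToGroup "$2") || return 1
    find "$1" -maxdepth 1 -type f -printf '%u %p\n' |
        propose_chown "$3" "$user" "$group"
}

# Run only when called with all three arguments, for example:
#   sh audit.sh /var/log /etc/rsyslog.conf messagebus
if [ "$#" -eq 3 ]; then
    audit_log_dir "$1" "$2" "$3"
fi
```
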
Until next time.