How to Change Default Permissions of /var/log on Linux

By default, /var/log/messages* are created with read-write permissions for ‘root’ user only. There might be a requirement to make the log files world readable for eg to allow an application to read and process the data in it.

It is best to only change $umask once and use $FileCreateMode instead to change the mode.

Add the $umask near the top of the configuration file, such as at the top of the GLOBAL DIRECTIVES section of /etc/rsyslog.conf. Make sure it is set before any $IncludeConfig directives. Use $umask 0022 to stop files from being able to be written to by anyone, or $umask 0000 to remove all restrictions for $FileCreateMode. GLOBAL DIRECTIVES

$umask 0022

Set $FileCreateMode right before the rule that creates the file. It might look something like shown below.

$FileCreateMode 0644
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
$FileCreateMode 0600
authpriv.* /var/log/secure