From 2bd7cbd12c19df6b6e36783f76553499d26eec98 Mon Sep 17 00:00:00 2001
From: "A. Karl Kornel" <akkornel@stanford.edu>
Date: Wed, 7 Dec 2016 11:50:00 -0800
Subject: [PATCH] syslog: Ubuntu uses a non-root account for syslog files

---
 manifests/syslog.pp | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/manifests/syslog.pp b/manifests/syslog.pp
index e835e26..a046df0 100644
--- a/manifests/syslog.pp
+++ b/manifests/syslog.pp
@@ -25,8 +25,19 @@
 
 class base::syslog {
 
+  # Ubuntu uses a separate account for syslog
+  if ( $::operatingsystem == 'Ubuntu' ) {
+    $syslog_owner = 'syslog'
+    $syslog_group = 'adm'
+  } else {
+    $syslog_owner = 'root'
+    $syslog_group = 'root'
+  }
+
   base::syslog::config::syslog { '/etc/syslog.conf':
     ensure => present,
+    owner  => $syslog_owner,
+    group  => $syslog_group,
   }
 
   # RHEL4/5 are ancient and use syslog, everything modern uses rsyslog
@@ -42,7 +53,11 @@ class base::syslog {
       name      => 'rsyslog',
       hasstatus => true,
     }
-    base::syslog::config::rsyslog { '/etc/rsyslog.conf': ensure => present }
+    base::syslog::config::rsyslog { '/etc/rsyslog.conf':
+      ensure => present,
+      owner  => $syslog_owner,
+      group  => $syslog_group,
+    }
   }
 
   # Create a symlink from /var/log/syslog to /var/log/messages for the
-- 
GitLab