logrotate.service failed due to bad permissions on /var/log/sssd/*.log

[Nemric]

Describe the bug

Fedora CoreOS 41.20240916.1.0
Tracker: https://github.com/coreos/fedora-coreos-tracker
Discuss: https://discussion.fedoraproject.org/tag/coreos

Last login: Tue Sep 17 19:17:17 2024 from 192.168.10.58
[systemd]
Failed Units: 1
  logrotate.service

core@Turing:~$ journalctl -eu logrotate.service 
Sep 18 00:38:22 Turing systemd[1]: Starting logrotate.service - Rotate log files...
Sep 18 00:38:22 Turing logrotate[330652]: error: skipping "/var/log/sssd/*.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Sep 18 00:38:22 Turing systemd[1]: logrotate.service: Main process exited, code=exited, status=1/FAILURE
Sep 18 00:38:22 Turing systemd[1]: logrotate.service: Failed with result 'exit-code'.
Sep 18 00:38:22 Turing systemd[1]: Failed to start logrotate.service - Rotate log files.

Reproduction steps

Well, just upgrade and wait or manualy trigger logrotate.service I run FCOS on this machine since months/years so I don't know when these files get their first permissions that seems to be a problem now

Expected behavior

No failed units

Actual behavior

Having a failed unit after logrotate

System details

Baremetal PXE booted FCOS with /var mounted on HDD for data persistance

Butane or Ignition config

not relevant

Additional information

/var/log/sssd is empty and is owned by sssd:sssd

root@Turing:~# ls -lah /var/log/sssd/
total 4.0K
drwxrwx---.  2 sssd sssd    6 Apr 21  2023 .
drwxr-xr-x. 12 root root 4.0K Sep  1 00:00 ..

[tazihad]

Similar issue for rebasing Fedora kinoite 40 to kinoite 41 https://discussion.fedoraproject.org/t/rebase-to-fedora-41-kinoite-gives-error/

[travier]

Likely https://bugzilla.redhat.com/show_bug.cgi?id=2308428