I have a Turnkey LAPP appliance on which I installed Cacti. Cacti uses a poller technique and polling actions are written to /var/log/cacti/poller-error.log. Each weekend, something is changing the permissions on this file. The file should have permissions 775 (rwxrwxr-x) for cacti:www-data. Sometimes the permissions become root:root r--r--r--, sometimes www-data:www-data. Without the proper permissions for "Cacti", Cacti can't write to this log file and thus the graphs don't work. I can't see Cacti making this change and locking itself out, so I am tentatively pointing the finger at the Turnkey auto-security updates. My box is: Ubuntu 10.04.1 LTS \n \l. Is there anyway to determine what is making these changes...which again seem to only happen on the weekend?