DevHeads.net

read permission on rotated logs

When logs (e.g. /var/log/maillog) are rotated (e.g. to
/var/log/maillog-YYYYMDD) is there a way via systemd or whatever to
assign read permission to a specific group?

Right now, for example -

ls -l maillog*
-rw------- 1 root root 3105240 Mar 13 22:04 maillog
-rw------- 1 root root 1079031 Feb 24 04:39 maillog-20190224
-rw------- 1 root root 7237640 Mar 1 12:59 maillog-20190228
-rw------- 1 root root 1297508 Mar 3 04:21 maillog-20190303
-rw------- 1 root root 1319371 Mar 10 08:17 maillog-20190310

What I would like -

ls -l maillog*
-rw------- 1 root root 3105240 Mar 13 22:04 maillog
-rw-r----- 1 root somegroup 1079031 Feb 24 04:39 maillog-20190224
-rw-r----- 1 root somegroup 7237640 Mar 1 12:59 maillog-20190228
-rw-r----- 1 root somegroup 1297508 Mar 3 04:21 maillog-20190303
-rw-r----- 1 root somegroup 1319371 Mar 10 08:17 maillog-20190310

That way a user in somegroup could run a script that analyzes the
rotated logs w/o needing root privileges.

Obviously I could put a script in /etc/cron.hourly that looks for
rotated log files and changes ownership / permission, but I am wondering
if there is a "proper" way to configure it via systemd or another utility.