first of all,
logrotate doesn’t support group names with spaces at the moment. So don’t try to do that. Use a different group instead.
Why are you placing users in a group used for machines? That doesn’t make a lot of sense to me. Note that this also widens access in unexpected ways. For example, the SSL certificates and their private keys in
/etc/univention/ssl (which amounts to all SSL certificates for the whole UCS domain) are readable for members of the
DC Backup Hosts group so that DC Backup machines can copy the certificates from the DC Master.
Don’t do that.
Why do you think that
/etc/resolv.conf (and therefore the template it’s generated from) has anything to do with
resolv.conf is used for configuring DNS resolution.
No, that’s completely unrelated.
logrotate doesn’t search groups directly in
/etc/group, it uses the default NSS (Name Service Switching) system. That is configured via
/etc/nsswitch.conf. On a UCS system this means that group names are looked up in LDAP, too. You can use an LDAP group in
logrotate, just not one with spaces in its name because, as I said,
logrotate doesn’t support spaces in group names.