Date: Sunday, March 19, 2017 15:28:35 +1300 From: Michael Heuberger <michael.heuberger@binarykitchen.com>
On 19/03/17 15:12, Richard wrote:
Date: Sunday, March 19, 2017 14:56:01 +1300 From: Michael Heuberger <michael.heuberger@binarykitchen.com>
On 19/03/17 13:43, Richard wrote:
Date: Sunday, March 19, 2017 13:32:57 +1300 From: Michael Heuberger <michael.heuberger@binarykitchen.com>
Hello guys
Having headaches here how to make logrotation for dovecot log files work. Having permission issues:
michael.heuberger@xxx /e/l/daily ❯❯❯ sudo logrotate -fv dovecot.daily
reading config file dovecot.daily
Handling 1 logs
rotating pattern: /var/log/dovecot*.log forced from command line (10 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/dovecot.log
error: skipping "/var/log/dovecot.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
This is my current logrotation conf for dovecot:
/var/log/dovecot*.log {
    rotate 10
    missingok
    sharedscripts
    postrotate
        doveadm log reopen
    endscript
}
And the /var/log folder has these permissions:
drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
Any clues what's wrong?
As the message says:
because parent directory has insecure permissions (It's world writable or writable by group which is not "root")
drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
On my RHEL derived systems, /var/log is root.root (and even then, is not writable by group).
Thank you. And what user/group/file perms does your dovecot.log file have?
- Michael
I log dovecot via syslog to [/var/log/]maillog, rather than its own log file. That file is owned root.root and has permissions of 600.
Well, I tried the same but it didn't work.
Setting my dovecot.log to 600 with root:root is breaking my mail system. I am then unable to receive and open emails.
Had to apply an ugly hack
/var/log/dovecot*.log {
    su syslog syslog
    create 666 syslog syslog
    rotate 10
    ...
}
Like that anyone who wants to access/write to it, can do it and all works.
That's my problem. Do not know who/what/how to set this up correctly.
- Michael
I would be inclined to just log dovecot to the syslog mail facility, which I believe is the default (in 10-logging.conf) -- in the RHEL setup anyway, and what I do:
log_path = syslog
syslog_facility = mail
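
The condition quoted in the logrotate error above, and a lint for `create` modes such as the `create 666` workaround, as an added example that is not from any post in this thread. The function names, the sample gid 104 and the `create 640` comparison line are assumptions constructed for illustration.

```python
import os
import re
import stat
import sys

def parent_dir_insecure(mode: int, gid: int) -> bool:
    """Condition quoted in the error: world writable, or writable by a
    group that is not root (gid 0)."""
    world_writable = bool(mode & stat.S_IWOTH)
    group_writable = bool(mode & stat.S_IWGRP)
    return world_writable or (group_writable and gid != 0)

def check_log_parent(log_path: str) -> bool:
    """Apply the condition to the real parent directory of log_path."""
    st = os.stat(os.path.dirname(os.path.abspath(log_path)))
    return parent_dir_insecure(st.st_mode, st.st_gid)

CREATE_RE = re.compile(r"^\s*create\s+([0-7]{3,4})\b", re.MULTILINE)

def lint_create_modes(stanza: str) -> list:
    """Return a finding for each 'create MODE' that lets others write the log."""
    findings = []
    for match in CREATE_RE.finditer(stanza):
        if int(match.group(1), 8) & stat.S_IWOTH:
            findings.append("create %s: new log file is world writable" % match.group(1))
    return findings

# The workaround stanza from the thread (its elided lines left out).
THREAD_STANZA = """/var/log/dovecot*.log {
    su syslog syslog
    create 666 syslog syslog
    rotate 10
}"""
# Constructed comparison line, not a recommendation made in the thread.
TIGHTER_STANZA = THREAD_STANZA.replace("create 666 syslog syslog", "create 640 syslog syslog")

if __name__ == "__main__":
    # /var/log as listed in the thread: drwxrwxr-x root syslog (gid 104 is constructed).
    print("thread's /var/log insecure:", parent_dir_insecure(0o775, 104))
    print("root:root 0755 insecure:", parent_dir_insecure(0o755, 0))
    print(lint_create_modes(THREAD_STANZA))
    print(lint_create_modes(TIGHTER_STANZA))
    for path in sys.argv[1:]:
        print(path, "parent insecure:", check_log_parent(path))
```

Passing a log path as an argument runs the same check against the real parent directory on the host.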