Permission denied when logrotating dovecot.log
Hello guys
Having headaches here how to make logrotation for dovecot log files work. Having permission issues:
michael.heuberger@xxx /e/l/daily ❯❯❯ sudo logrotate -fv dovecot.daily
reading config file dovecot.daily
Handling 1 logs
rotating pattern: /var/log/dovecot*.log forced from command line (10 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/dovecot.log
error: skipping "/var/log/dovecot.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
This is my current logrotation conf for dovecot:
/var/log/dovecot*.log {
    rotate 10
    missingok
    sharedscripts
    postrotate
        doveadm log reopen
    endscript
}
And the /var/log folder has these permissions:
drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
Any clues what's wrong?
Thanks Michael
--
Binary Kitchen
Michael Heuberger
1/33 Parrish Road
Sandringham
Auckland 1025 (New Zealand)
Mobile (text only) ... +64 21 261 89 81
Email ................ michael@binarykitchen.com
Website .............. http://www.binarykitchen.com
Date: Sunday, March 19, 2017 13:32:57 +1300 From: Michael Heuberger <michael.heuberger@binarykitchen.com>
> Any clues what's wrong?
As the message says:
> because parent directory has insecure permissions (It's world writable or writable by group which is not "root")
> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
On my RHEL derived systems, /var/log is root.root (and even then, is not writable by group).
Thank you. And what user/group/file perms does your dovecot.log file have?
- Michael
On 19/03/17 13:43, Richard wrote:
> On my RHEL derived systems, /var/log is root.root (and even then, is not writable by group).
Date: Sunday, March 19, 2017 14:56:01 +1300 From: Michael Heuberger <michael.heuberger@binarykitchen.com>
> Thank you. And what user/group/file perms does your dovecot.log file have?
> - Michael
I log dovecot via syslog to [/var/log/]maillog, rather than its own log file. That file is owned root.root and has permissions of 600.
Well, I tried the same but it didn't work.
Setting my dovecot.log to 600 with root:root is breaking my mail system. I am then unable to receive and open emails.
Had to apply an ugly hack
/var/log/dovecot*.log {
    su syslog syslog
    create 666 syslog syslog
    rotate 10
    ...
}
Like that anyone who wants to access/write to it, can do it and all works.
That's my problem. Do not know who/what/how to set this up correctly.
- Michael
On 19/03/17 15:12, Richard wrote:
> I log dovecot via syslog to [/var/log/]maillog, rather than its own log file. That file is owned root.root and has permissions of 600.
Date: Sunday, March 19, 2017 15:28:35 +1300 From: Michael Heuberger <michael.heuberger@binarykitchen.com>
> That's my problem. Do not know who/what/how to set this up correctly.
> - Michael
I would be inclined to just log dovecot to the syslog mail facility, which I believe is the default (in 10-logging.conf) -- in the RHEL setup anyway, and what I do:
log_path = syslog
syslog_facility = mail
Well, I'd rather have dovecot log alone in one log file.
My initial question is what user/group and file permissions to use??
On 19/03/17 15:40, Richard wrote:
> I would be inclined to just log dovecot to the syslog mail facility, which I believe is the default (in 10-logging.conf) -- in the RHEL setup anyway, and what I do:
> log_path = syslog
> syslog_facility = mail
On 19 March 2017 07:21:20 CET, Michael Heuberger <michael.heuberger@binarykitchen.com> wrote:
> Well, I'd rather have dovecot log alone in one log file.
Let dovecot log to syslog and set syslog_facility = local5 and configure your syslog daemon to write log data for that facility to a separate file. No need to mess with permissions.
> My initial question is what user/group and file permissions to use??
-- Christian Kivalo
Please don't top post.
On 18-03-2017 22:56, Michael Heuberger wrote:
> Thank you. And what user/group/file perms does your dovecot.log file have?
Here I have
drwxr-xr-x 2 root root 4096 Mar 19 06:25 /var/log/dovecot/
And the files are
-rw------- 1 root root 4110 Mar 19 07:57 info.log
-rw------- 1 root root    0 Mar 19 06:25 main.log
--
Eduardo M KALINOWSKI eduardo@kalinowski.com.br
Michael,
You should probably just chmod 600 your dovecot.log file. Here's mine (debian 8):
root@messagerie-secours[CHROOT][10.10.10.19] ~ # ls /var/log/dovecot.log
-rw------- 1 root root 8.3M Mar 22 16:40 /var/log/dovecot.log
root@messagerie-secours[CHROOT][10.10.10.19] ~ #
And here are the permissions for my /var/log directory :
root@messagerie-secours[CHROOT][10.10.10.19] ~ # ls -d /var/log/
drwxr-xr-x 11 root root 4.0K Mar 22 06:25 /var/log/
root@messagerie-secours[CHROOT][10.10.10.19] ~ #
-- Yassine.
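The condition named in the logrotate error at the top of this thread, written out as an added shell check that is not part of the original messages: it flags a parent directory that is world-writable or writable by a non-root group (the 775 root:syslog /var/log case) and a world-writable log file (the "create 666" workaround). The function names and the sample gid 104 are assumptions, and it needs GNU stat.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Needs GNU stat (coreutils).

# parent_is_insecure MODE GID
# True (0) when a directory with this octal mode and numeric group id is
# world-writable, or group-writable while its group is not root (gid 0).
parent_is_insecure() {
    mode=$1 gid=$2
    [ $(( 0$mode & 0002 )) -ne 0 ] && return 0
    [ $(( 0$mode & 0020 )) -ne 0 ] && [ "$gid" -ne 0 ] && return 0
    return 1
}

# file_is_world_writable MODE: true (0) for modes such as 666.
file_is_world_writable() {
    [ $(( 0$1 & 0002 )) -ne 0 ]
}

# audit_log PATH: print findings; return 0 if clean, 1 if any, 2 on stat error.
audit_log() {
    log=$1 rc=0
    dir=$(dirname -- "$log")
    dstat=$(stat -c '%a %g' -- "$dir") || return 2
    if parent_is_insecure "${dstat% *}" "${dstat#* }"; then
        echo "$dir (mode ${dstat% *}, gid ${dstat#* }): root logrotate skips logs here unless 'su' is set"
        rc=1
    fi
    if [ -e "$log" ]; then
        fmode=$(stat -c '%a' -- "$log") || return 2
        if file_is_world_writable "$fmode"; then
            echo "$log (mode $fmode): any local user can alter or truncate this log"
            rc=1
        fi
    fi
    return $rc
}

# Constructed demo using the modes quoted in the thread; gid 104 stands in
# for the syslog group and is an assumed value.
parent_is_insecure 775 104 && echo "775 root:syslog -> insecure parent directory"
parent_is_insecure 755 0   || echo "755 root:root   -> accepted"
file_is_world_writable 666 && echo "create 666      -> world-writable log file"
```

Run `audit_log /var/log/dovecot.log` on the mail host to see which of the two findings applies before choosing between a `su` directive and tighter directory permissions.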
participants (5)
- chaouche yacine
- Christian Kivalo
- Eduardo M KALINOWSKI
- Michael Heuberger
- Richard