Thank you. And what user/group/file perms does your dovecot.log file have?

• Michael

On 19/03/17 13:43, Richard wrote:

...

Date: Sunday, March 19, 2017 13:32:57 +1300 From: Michael Heuberger michael.heuberger@binarykitchen.com

Hello guys

Having headaches here how to make logrotation for dovecot log files work. Having permission issues:

michael.heuberger@xxx /e/l/daily ❯❯❯ sudo logrotate -fv dovecot.daily ⏎ reading config file dovecot.daily

Handling 1 logs

rotating pattern: /var/log/dovecot*.log forced from command line (10 rotations) empty log files are rotated, old logs are removed considering log /var/log/dovecot.log error: skipping "/var/log/dovecot.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

This is my current logrotation conf for dovecot:

/var/log/dovecot*.log { rotate 10 missingok sharedscripts postrotate doveadm log reopen endscript }

And the /var/log folder has these permissions:

drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log

Any clues what's wrong?

As the message says:

...

because parent directory has insecure permissions (It's world writable or writable by group which is not "root")

...

drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log

On my RHEL derived systems, /var/log is root.root (and even then, is not writable by group).

--

Binary Kitchen Michael Heuberger 1/33 Parrish Road Sandringham Auckland 1025 (New Zealand)

Mobile (text only) ... +64 21 261 89 81 Email ................ michael@binarykitchen.com Website .............. http://www.binarykitchen.com

Well, I tried the same but it didn't work.

Setting my dovecot.log to 600 with root:root is breaking my mail system. I am then unable to receive and open emails.

Had to apply an ugly hack

/var/log/dovecot*.log { su syslog syslog create 666 syslog syslog rotate 10 ... }

Like that anyone who wants to access/write to it, can do it and all works.

That's my problem. Do not know who/what/how to set this up correctly.

• Michael

On 19/03/17 15:12, Richard wrote:

...

Date: Sunday, March 19, 2017 14:56:01 +1300 From: Michael Heuberger michael.heuberger@binarykitchen.com

On 19/03/17 13:43, Richard wrote:

...

...

Date: Sunday, March 19, 2017 13:32:57 +1300 From: Michael Heuberger michael.heuberger@binarykitchen.com

Hello guys

Having headaches here how to make logrotation for dovecot log files work. Having permission issues:

michael.heuberger@xxx /e/l/daily ❯❯❯ sudo logrotate -fv dovecot.daily ⏎ reading config file dovecot.daily

Handling 1 logs

rotating pattern: /var/log/dovecot*.log forced from command line (10 rotations) empty log files are rotated, old logs are removed considering log /var/log/dovecot.log error: skipping "/var/log/dovecot.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

This is my current logrotation conf for dovecot:

/var/log/dovecot*.log { rotate 10 missingok sharedscripts postrotate doveadm log reopen endscript }

And the /var/log folder has these permissions:

drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log

Any clues what's wrong? As the message says:

...

because parent directory has insecure permissions (It's world writable or writable by group which is not "root")

...

drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log

On my RHEL derived systems, /var/log is root.root (and even then, is not writable by group). Thank you. And what user/group/file perms does your dovecot.log file have?

• Michael

I log dovecot via syslog to [/var/log/]maillog, rather than its own log file. That file is owned root.root and has permissions of 600.

--

Binary Kitchen Michael Heuberger 1/33 Parrish Road Sandringham Auckland 1025 (New Zealand)

Mobile (text only) ... +64 21 261 89 81 Email ................ michael@binarykitchen.com Website .............. http://www.binarykitchen.com

Well, I'd rather to have dovecot log alone in one log file.

My initial question is that user/group and file permissions to use??

On 19/03/17 15:40, Richard wrote:

...

Date: Sunday, March 19, 2017 15:28:35 +1300 From: Michael Heuberger michael.heuberger@binarykitchen.com

On 19/03/17 15:12, Richard wrote:

...

...

Date: Sunday, March 19, 2017 14:56:01 +1300 From: Michael Heuberger michael.heuberger@binarykitchen.com

On 19/03/17 13:43, Richard wrote:

...

...

Date: Sunday, March 19, 2017 13:32:57 +1300 From: Michael Heuberger michael.heuberger@binarykitchen.com

Hello guys

Having headaches here how to make logrotation for dovecot log files work. Having permission issues:

michael.heuberger@xxx /e/l/daily ❯❯❯ sudo logrotate -fv dovecot.daily ⏎ reading config file dovecot.daily

Handling 1 logs

rotating pattern: /var/log/dovecot*.log forced from command line (10 rotations) empty log files are rotated, old logs are removed considering log /var/log/dovecot.log error: skipping "/var/log/dovecot.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

This is my current logrotation conf for dovecot:

/var/log/dovecot*.log { rotate 10 missingok sharedscripts postrotate doveadm log reopen endscript }

And the /var/log folder has these permissions:

drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log

Any clues what's wrong? As the message says:

...

because parent directory has insecure permissions (It's world writable or writable by group which is not "root")

...

drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log

On my RHEL derived systems, /var/log is root.root (and even then, is not writable by group). Thank you. And what user/group/file perms does your dovecot.log file have?

• Michael

I log dovecot via syslog to [/var/log/]maillog, rather than its own log file. That file is owned root.root and has permissions of 600. Well, I tried the same but it didn't work.

Setting my dovecot.log to 600 with root:root is breaking my mail system. I am then unable to receive and open emails.

Had to apply an ugly hack

/var/log/dovecot*.log { su syslog syslog create 666 syslog syslog rotate 10 ... }

Like that anyone who wants to access/write to it, can do it and all works.

That's my problem. Do not know who/what/how to set this up correctly.

• Michael

I would be inclined to just log dovecot to the syslog mail facility, which I believe is the default (in 10-logging.conf) -- in the RHEL setup anyway, and what I do:

log_path = syslog

syslog_facility = mail

--

Binary Kitchen Michael Heuberger 1/33 Parrish Road Sandringham Auckland 1025 (New Zealand)

Mobile (text only) ... +64 21 261 89 81 Email ................ michael@binarykitchen.com Website .............. http://www.binarykitchen.com

Please don't top post.

On 18-03-2017 22:56, Michael Heuberger wrote:

Thank you. And what user/group/file perms does your dovecot.log file have?

Here I have drwxr-xr-x 2 root root 4096 Mar 19 06:25 /var/log/dovecot/

And the files are -rw------- 1 root root 4110 Mar 19 07:57 info.log -rw------- 1 root root 0 Mar 19 06:25 main.log

-- No-one would remember the Good Samaritan if he had only had good intentions. He had money as well. -- Margaret Thatcher

Eduardo M KALINOWSKI eduardo@kalinowski.com.br