Permission denied when logrotating dovecot.log

[Richard]

> Date: Sunday, March 19, 2017 14:56:01 +1300
> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>
> On 19/03/17 13:43, Richard wrote:
>> 
>>> Date: Sunday, March 19, 2017 13:32:57 +1300
>>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>> 
>>> Hello guys
>>> 
>>> Having headaches here how to make logrotation for dovecot log
>>> files work. Having permission issues:
>>> 
>>> michael.heuberger at xxx /e/l/daily ❯❯❯ sudo logrotate -fv
>>> dovecot.daily
>>>  ⏎
>>> reading config file dovecot.daily
>>> 
>>> Handling 1 logs
>>> 
>>> rotating pattern: /var/log/dovecot*.log  forced from command line
>>> (10 rotations)
>>> empty log files are rotated, old logs are removed
>>> considering log /var/log/dovecot.log
>>> error: skipping "/var/log/dovecot.log" because parent directory
>>> has insecure permissions (It's world writable or writable by group
>>> which is not "root") Set "su" directive in config file to tell
>>> logrotate which user/group should be used for rotation.
>>> 
>>> This is my current logrotation conf for dovecot:
>>> 
>>> /var/log/dovecot*.log {
>>>         rotate 10
>>>         missingok
>>>         sharedscripts
>>>         postrotate
>>>             doveadm log reopen
>>>         endscript
>>> }
>>> 
>>> And the /var/log folder has these permissions:
>>> 
>>> drwxrwxr-x 12 root     syslog   4.0K Mar 19 12:43 log
>>> 
>>> Any clues what's wrong?
>> 
>> As the message says:
>> 
>>   > because parent directory has insecure permissions
>>   > (It's world writable or writable by group which
>>   > is not "root") 
>> 
>>   > drwxrwxr-x 12 root syslog   4.0K Mar 19 12:43 log
>> 
>> On my RHEL derived systems, /var/log is root.root (and even then,
>> is not writable by group).
>
> Thank you. And what user/group/file perms does your dovecot.log
> file have?
> 
> - Michael
> 
> 

I log dovecot via syslog to [/var/log/]maillog, rather than its own
log file. That file is owned root.root and has permissions of 600.