Permission denied when logrotating dovecot.log

Michael Heuberger michael.heuberger at binarykitchen.com
Sun Mar 19 04:28:35 EET 2017


Well, I tried the same but it didn't work.

Setting my dovecot.log to 600 with root:root is breaking my mail system.
I am then unable to receive and open emails.

Had to apply an ugly hack

/var/log/dovecot*.log {
        su syslog syslog
        create 666 syslog syslog
        rotate 10
        ...
}

Like that, anyone who wants to access/write to it can do so, and it all works.

That's my problem. Do not know who/what/how to set this up correctly.

- Michael

On 19/03/17 15:12, Richard wrote:
>
>> Date: Sunday, March 19, 2017 14:56:01 +1300
>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>
>> On 19/03/17 13:43, Richard wrote:
>>>> Date: Sunday, March 19, 2017 13:32:57 +1300
>>>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>>>
>>>> Hello guys
>>>>
>>>> Having headaches here how to make logrotation for dovecot log
>>>> files work. Having permission issues:
>>>>
>>>> michael.heuberger at xxx /e/l/daily ❯❯❯ sudo logrotate -fv
>>>> dovecot.daily
>>>>>>>> reading config file dovecot.daily
>>>>
>>>> Handling 1 logs
>>>>
>>>> rotating pattern: /var/log/dovecot*.log  forced from command line
>>>> (10 rotations)
>>>> empty log files are rotated, old logs are removed
>>>> considering log /var/log/dovecot.log
>>>> error: skipping "/var/log/dovecot.log" because parent directory
>>>> has insecure permissions (It's world writable or writable by group
>>>> which is not "root") Set "su" directive in config file to tell
>>>> logrotate which user/group should be used for rotation.
>>>>
>>>> This is my current logrotation conf for dovecot:
>>>>
>>>> /var/log/dovecot*.log {
>>>>         rotate 10
>>>>         missingok
>>>>         sharedscripts
>>>>         postrotate
>>>>             doveadm log reopen
>>>>         endscript
>>>> }
>>>>
>>>> And the /var/log folder has these permissions:
>>>>
>>>> drwxrwxr-x 12 root     syslog   4.0K Mar 19 12:43 log
>>>>
>>>> Any clues what's wrong?
>>> As the message says:
>>>
>>>   > because parent directory has insecure permissions
>>>   > (It's world writable or writable by group which
>>>   > is not "root") 
>>>
>>>   > drwxrwxr-x 12 root syslog   4.0K Mar 19 12:43 log
>>>
>>> On my RHEL derived systems, /var/log is root.root (and even then,
>>> is not writable by group).
>> Thank you. And what user/group/file perms does your dovecot.log
>> file have?
>>
>> - Michael
>>
>>
> I log dovecot via syslog to [/var/log/]maillog, rather than its own
> log file. That file is owned root.root and has permissions of 600.

-- 

Binary Kitchen
Michael Heuberger
1/33 Parrish Road
Sandringham
Auckland 1025
(New Zealand)

Mobile (text only) ...  +64 21 261 89 81
Email ................  michael at binarykitchen.com
Website ..............  http://www.binarykitchen.com
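
The check behind the logrotate error quoted in this thread, plus a test for a world-writable log file such as one created with "create 666", as an added example that is not part of the original messages. It assumes GNU stat (Linux); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Reproduces the condition stated in the
# logrotate error ("world writable or writable by group which is not root")
# and flags world-writable log files.
# Usage after sourcing: audit_log /var/log/dovecot.log

# parent_dir_insecure MODE GID
# MODE: octal permission bits (e.g. 775), GID: numeric owning group.
# Succeeds when logrotate would refuse to rotate without a "su" directive.
parent_dir_insecure() {
    mode=$((0$1))
    if [ $((mode & 0002)) -ne 0 ]; then
        return 0                                  # world-writable
    fi
    if [ $((mode & 0020)) -ne 0 ] && [ "$2" -ne 0 ]; then
        return 0                                  # group-writable, group is not root
    fi
    return 1
}

# file_world_writable MODE: succeeds when the "other" write bit is set.
file_world_writable() {
    [ $((0$1 & 0002)) -ne 0 ]
}

# audit_log PATH: prints findings; exit status is the number of findings.
audit_log() {
    log=$1
    dir=$(dirname "$log")
    findings=0
    dmode=$(stat -c '%a' "$dir")
    dgid=$(stat -c '%g' "$dir")
    if parent_dir_insecure "$dmode" "$dgid"; then
        echo "$dir: mode $dmode, gid $dgid: logrotate requires a 'su' directive"
        findings=$((findings + 1))
    fi
    fmode=$(stat -c '%a' "$log")
    if file_world_writable "$fmode"; then
        echo "$log: mode $fmode lets any local user alter or truncate the log"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

The /var/log listing in the thread (drwxrwxr-x, group syslog) corresponds to mode 775 with a non-root group, which the first function reports as insecure.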


