Permission denied when logrotating dovecot.log

Sun Mar 19 08:21:20 EET 2017

Well, I'd rather to have dovecot log alone in one log file.

My initial question is that user/group and file permissions to use??

On 19/03/17 15:40, Richard wrote:
>
>> Date: Sunday, March 19, 2017 15:28:35 +1300
>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>
>> On 19/03/17 15:12, Richard wrote:
>>>> Date: Sunday, March 19, 2017 14:56:01 +1300
>>>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>>>
>>>> On 19/03/17 13:43, Richard wrote:
>>>>>> Date: Sunday, March 19, 2017 13:32:57 +1300
>>>>>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>>>>>
>>>>>> Hello guys
>>>>>>
>>>>>> Having headaches here how to make logrotation for dovecot log
>>>>>> files work. Having permission issues:
>>>>>>
>>>>>> michael.heuberger at xxx /e/l/daily ❯❯❯ sudo logrotate -fv
>>>>>> dovecot.daily
>>>>>>  ⏎
>>>>>> reading config file dovecot.daily
>>>>>>
>>>>>> Handling 1 logs
>>>>>>
>>>>>> rotating pattern: /var/log/dovecot*.log  forced from command
>>>>>> line (10 rotations)
>>>>>> empty log files are rotated, old logs are removed
>>>>>> considering log /var/log/dovecot.log
>>>>>> error: skipping "/var/log/dovecot.log" because parent directory
>>>>>> has insecure permissions (It's world writable or writable by
>>>>>> group which is not "root") Set "su" directive in config file to
>>>>>> tell logrotate which user/group should be used for rotation.
>>>>>>
>>>>>> This is my current logrotation conf for dovecot:
>>>>>>
>>>>>> /var/log/dovecot*.log {
>>>>>>         rotate 10
>>>>>>         missingok
>>>>>>         sharedscripts
>>>>>>         postrotate
>>>>>>             doveadm log reopen
>>>>>>         endscript
>>>>>> }
>>>>>>
>>>>>> And the /var/log folder has these permissions:
>>>>>>
>>>>>> drwxrwxr-x 12 root     syslog   4.0K Mar 19 12:43 log
>>>>>>
>>>>>> Any clues what's wrong?
>>>>> As the message says:
>>>>>
>>>>>   > because parent directory has insecure permissions
>>>>>   > (It's world writable or writable by group which
>>>>>   > is not "root") 
>>>>>
>>>>>   > drwxrwxr-x 12 root syslog   4.0K Mar 19 12:43 log
>>>>>
>>>>> On my RHEL derived systems, /var/log is root.root (and even then,
>>>>> is not writable by group).
>>>> Thank you. And what user/group/file perms does your dovecot.log
>>>> file have?
>>>>
>>>> - Michael
>>>>
>>>>
>>> I log dovecot via syslog to [/var/log/]maillog, rather than its own
>>> log file. That file is owned root.root and has permissions of 600.
>> Well, I tried the same but it didn't work.
>>
>> Setting my dovecot.log to 600 with root:root is breaking my mail
>> system. I am then unable to receive and open emails.
>>
>> Had to apply an ugly hack
>>
>> /var/log/dovecot*.log {
>>         su syslog syslog
>>         create 666 syslog syslog
>>         rotate 10
>>         ...
>> }
>>
>> Like that anyone who wants to access/write to it, can do it and all
>> works.
>>
>> That's my problem. Do not know who/what/how to set this up
>> correctly.
>>
>> - Michael
>>
> I would be inclined to just log dovecot to the syslog mail facility,
> which I believe is the default (in 10-logging.conf) -- in the RHEL
> setup anyway, and what I do:
>
>    log_path = syslog
>
>    syslog_facility = mail

-- 

Binary Kitchen
Michael Heuberger
1/33 Parrish Road
Sandringham
Auckland 1025
(New Zealand)

Mobile (text only) ...  +64 21 261 89 81
Email ................  michael at binarykitchen.com
Website ..............  http://www.binarykitchen.com