Permission denied when logrotating dovecot.log
Michael Heuberger
michael.heuberger at binarykitchen.com
Sun Mar 19 08:21:20 EET 2017
Well, I'd rather have the dovecot log alone in one log file.
My initial question is what user/group and file permissions to use?
On 19/03/17 15:40, Richard wrote:
>
>> Date: Sunday, March 19, 2017 15:28:35 +1300
>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>
>> On 19/03/17 15:12, Richard wrote:
>>>> Date: Sunday, March 19, 2017 14:56:01 +1300
>>>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>>>
>>>> On 19/03/17 13:43, Richard wrote:
>>>>>> Date: Sunday, March 19, 2017 13:32:57 +1300
>>>>>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>>>>>
>>>>>> Hello guys
>>>>>>
>>>>>> Having headaches here how to make logrotation for dovecot log
>>>>>> files work. Having permission issues:
>>>>>>
>>>>>> michael.heuberger at xxx /e/l/daily ❯❯❯ sudo logrotate -fv
>>>>>> dovecot.daily
>>>>>> ⏎
>>>>>> reading config file dovecot.daily
>>>>>>
>>>>>> Handling 1 logs
>>>>>>
>>>>>> rotating pattern: /var/log/dovecot*.log forced from command
>>>>>> line (10 rotations)
>>>>>> empty log files are rotated, old logs are removed
>>>>>> considering log /var/log/dovecot.log
>>>>>> error: skipping "/var/log/dovecot.log" because parent directory
>>>>>> has insecure permissions (It's world writable or writable by
>>>>>> group which is not "root") Set "su" directive in config file to
>>>>>> tell logrotate which user/group should be used for rotation.
>>>>>>
>>>>>> This is my current logrotation conf for dovecot:
>>>>>>
>>>>>> /var/log/dovecot*.log {
>>>>>> rotate 10
>>>>>> missingok
>>>>>> sharedscripts
>>>>>> postrotate
>>>>>> doveadm log reopen
>>>>>> endscript
>>>>>> }
>>>>>>
>>>>>> And the /var/log folder has these permissions:
>>>>>>
>>>>>> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
>>>>>>
>>>>>> Any clues what's wrong?
>>>>> As the message says:
>>>>>
>>>>> > because parent directory has insecure permissions
>>>>> > (It's world writable or writable by group which
>>>>> > is not "root")
>>>>>
>>>>> > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
>>>>>
>>>>> On my RHEL derived systems, /var/log is root.root (and even then,
>>>>> is not writable by group).
>>>> Thank you. And what user/group/file perms does your dovecot.log
>>>> file have?
>>>>
>>>> - Michael
>>>>
>>>>
>>> I log dovecot via syslog to [/var/log/]maillog, rather than its own
>>> log file. That file is owned root.root and has permissions of 600.
>> Well, I tried the same but it didn't work.
>>
>> Setting my dovecot.log to 600 with root:root is breaking my mail
>> system. I am then unable to receive and open emails.
>>
>> Had to apply an ugly hack
>>
>> /var/log/dovecot*.log {
>> su syslog syslog
>> create 666 syslog syslog
>> rotate 10
>> ...
>> }
>>
>> Like that anyone who wants to access/write to it, can do it and all
>> works.
>>
>> That's my problem. Do not know who/what/how to set this up
>> correctly.
>>
>> - Michael
>>
> I would be inclined to just log dovecot to the syslog mail facility,
> which I believe is the default (in 10-logging.conf) -- in the RHEL
> setup anyway, and what I do:
>
> log_path = syslog
>
> syslog_facility = mail
--
Binary Kitchen
Michael Heuberger
1/33 Parrish Road
Sandringham
Auckland 1025
(New Zealand)
Mobile (text only) ... +64 21 261 89 81
Email ................ michael at binarykitchen.com
Website .............. http://www.binarykitchen.com
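
The condition named in the logrotate error quoted above, written out as an added example (not part of the original thread and not logrotate's own code). It evaluates the `/var/log` listing from the thread and the `create 666` mode; the function names and the numeric gid for `syslog` are assumptions.

```python
import os
import stat

def rotation_blocked(mode, gid):
    """True when the directory matches the condition in the logrotate error:
    world writable, or writable by a group other than root (gid 0)."""
    world_writable = bool(mode & stat.S_IWOTH)
    nonroot_group_writable = bool(mode & stat.S_IWGRP) and gid != 0
    return world_writable or nonroot_group_writable

def mode_from_ls(perm):
    """Convert an `ls -l` permission string such as 'drwxrwxr-x' to mode bits.
    Only the nine rwx positions are read; setuid/setgid/sticky are ignored."""
    mode = 0
    for i, ch in enumerate(perm[1:10]):
        if ch not in "-ST":          # S/T mean "special bit set, no execute"
            mode |= 1 << (8 - i)
    return mode

def create_mode_findings(octal_mode):
    """Flag what a logrotate `create` mode grants to users outside owner/group."""
    mode = int(octal_mode, 8)
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable: any local user can alter or truncate the log")
    if mode & stat.S_IROTH:
        findings.append("world-readable: any local user can read the log")
    return findings

def check_directory(path):
    """Apply the same test to a real directory on this host."""
    st = os.stat(path)
    return rotation_blocked(st.st_mode, st.st_gid)

if __name__ == "__main__":
    SYSLOG_GID = 104  # constructed value; the thread only gives the name "syslog"
    samples = [
        ("drwxrwxr-x", SYSLOG_GID, "root:syslog, listing quoted in the thread"),
        ("drwxr-xr-x", 0, "root:root, not group writable (constructed)"),
    ]
    for perm, gid, label in samples:
        verdict = "rotation skipped" if rotation_blocked(mode_from_ls(perm), gid) else "ok"
        print(f"{perm} gid={gid} ({label}): {verdict}")
    for mode in ("666", "600"):
        print(f"create {mode}:", create_mode_findings(mode) or "no access for others")
```

`check_directory("/var/log")` runs the same test against the live directory instead of a pasted listing.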