Hello guys
Having headaches here how to make logrotation for dovecot log files
work. Having permission issues:
michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv
dovecot.daily
?
reading config file dovecot.daily
Handling 1 logs
rotating pattern: /var/log/dovecot*.log forced from command line (10
rotations)
empty log files are rotated, old logs are removed
considering log /var/log/dovecot.log
error: skipping "/var/log/dovecot.log" because parent directory has
insecure permissions (It's world writable or writable by group which is
not "root") Set "su" directive in config file to tell
logrotate which
user/group should be used for rotation.
This is my current logrotation conf for dovecot:
/var/log/dovecot*.log {
rotate 10
missingok
sharedscripts
postrotate
doveadm log reopen
endscript
}
And the /var/log folder has these permissions:
drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
Any clues what's wrong?
Thanks
Michael
--
Binary Kitchen
Michael Heuberger
1/33 Parrish Road
Sandringham
Auckland 1025
(New Zealand)
Mobile (text only) ... +64 21 261 89 81
Email ................ michael at binarykitchen.com
Website .............. http://www.binarykitchen.com
> Date: Sunday, March 19, 2017 13:32:57 +1300 > From: Michael Heuberger <michael.heuberger at binarykitchen.com> > > Hello guys > > Having headaches here how to make logrotation for dovecot log files > work. Having permission issues: > > michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv > dovecot.daily > ? > reading config file dovecot.daily > > Handling 1 logs > > rotating pattern: /var/log/dovecot*.log forced from command line > (10 rotations) > empty log files are rotated, old logs are removed > considering log /var/log/dovecot.log > error: skipping "/var/log/dovecot.log" because parent directory has > insecure permissions (It's world writable or writable by group > which is not "root") Set "su" directive in config file to tell > logrotate which user/group should be used for rotation. > > This is my current logrotation conf for dovecot: > > /var/log/dovecot*.log { > rotate 10 > missingok > sharedscripts > postrotate > doveadm log reopen > endscript > } > > And the /var/log folder has these permissions: > > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log > > Any clues what's wrong?As the message says: > because parent directory has insecure permissions > (It's world writable or writable by group which > is not "root") > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log On my RHEL derived systems, /var/log is root.root (and even then, is not writable by group).
Thank you. And what user/group/file perms does your dovecot.log file have? - Michael On 19/03/17 13:43, Richard wrote:> >> Date: Sunday, March 19, 2017 13:32:57 +1300 >> From: Michael Heuberger <michael.heuberger at binarykitchen.com> >> >> Hello guys >> >> Having headaches here how to make logrotation for dovecot log files >> work. Having permission issues: >> >> michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv >> dovecot.daily >> ? >> reading config file dovecot.daily >> >> Handling 1 logs >> >> rotating pattern: /var/log/dovecot*.log forced from command line >> (10 rotations) >> empty log files are rotated, old logs are removed >> considering log /var/log/dovecot.log >> error: skipping "/var/log/dovecot.log" because parent directory has >> insecure permissions (It's world writable or writable by group >> which is not "root") Set "su" directive in config file to tell >> logrotate which user/group should be used for rotation. >> >> This is my current logrotation conf for dovecot: >> >> /var/log/dovecot*.log { >> rotate 10 >> missingok >> sharedscripts >> postrotate >> doveadm log reopen >> endscript >> } >> >> And the /var/log folder has these permissions: >> >> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >> >> Any clues what's wrong? > > As the message says: > > > because parent directory has insecure permissions > > (It's world writable or writable by group which > > is not "root") > > > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log > > On my RHEL derived systems, /var/log is root.root (and even then, is > not writable by group).-- Binary Kitchen Michael Heuberger 1/33 Parrish Road Sandringham Auckland 1025 (New Zealand) Mobile (text only) ... +64 21 261 89 81 Email ................ michael at binarykitchen.com Website .............. http://www.binarykitchen.com