Thank you. And what user/group/file perms does your dovecot.log file have? - Michael On 19/03/17 13:43, Richard wrote:> >> Date: Sunday, March 19, 2017 13:32:57 +1300 >> From: Michael Heuberger <michael.heuberger at binarykitchen.com> >> >> Hello guys >> >> Having headaches here how to make logrotation for dovecot log files >> work. Having permission issues: >> >> michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv >> dovecot.daily >> ? >> reading config file dovecot.daily >> >> Handling 1 logs >> >> rotating pattern: /var/log/dovecot*.log forced from command line >> (10 rotations) >> empty log files are rotated, old logs are removed >> considering log /var/log/dovecot.log >> error: skipping "/var/log/dovecot.log" because parent directory has >> insecure permissions (It's world writable or writable by group >> which is not "root") Set "su" directive in config file to tell >> logrotate which user/group should be used for rotation. >> >> This is my current logrotation conf for dovecot: >> >> /var/log/dovecot*.log { >> rotate 10 >> missingok >> sharedscripts >> postrotate >> doveadm log reopen >> endscript >> } >> >> And the /var/log folder has these permissions: >> >> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >> >> Any clues what's wrong? > > As the message says: > > > because parent directory has insecure permissions > > (It's world writable or writable by group which > > is not "root") > > > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log > > On my RHEL derived systems, /var/log is root.root (and even then, is > not writable by group).-- Binary Kitchen Michael Heuberger 1/33 Parrish Road Sandringham Auckland 1025 (New Zealand) Mobile (text only) ... +64 21 261 89 81 Email ................ michael at binarykitchen.com Website .............. http://www.binarykitchen.com
> Date: Sunday, March 19, 2017 14:56:01 +1300 > From: Michael Heuberger <michael.heuberger at binarykitchen.com> > > On 19/03/17 13:43, Richard wrote: >> >>> Date: Sunday, March 19, 2017 13:32:57 +1300 >>> From: Michael Heuberger <michael.heuberger at binarykitchen.com> >>> >>> Hello guys >>> >>> Having headaches here how to make logrotation for dovecot log >>> files work. Having permission issues: >>> >>> michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv >>> dovecot.daily >>> ? >>> reading config file dovecot.daily >>> >>> Handling 1 logs >>> >>> rotating pattern: /var/log/dovecot*.log forced from command line >>> (10 rotations) >>> empty log files are rotated, old logs are removed >>> considering log /var/log/dovecot.log >>> error: skipping "/var/log/dovecot.log" because parent directory >>> has insecure permissions (It's world writable or writable by group >>> which is not "root") Set "su" directive in config file to tell >>> logrotate which user/group should be used for rotation. >>> >>> This is my current logrotation conf for dovecot: >>> >>> /var/log/dovecot*.log { >>> rotate 10 >>> missingok >>> sharedscripts >>> postrotate >>> doveadm log reopen >>> endscript >>> } >>> >>> And the /var/log folder has these permissions: >>> >>> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >>> >>> Any clues what's wrong? >> >> As the message says: >> >> > because parent directory has insecure permissions >> > (It's world writable or writable by group which >> > is not "root") >> >> > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log >> >> On my RHEL derived systems, /var/log is root.root (and even then, >> is not writable by group). > > Thank you. And what user/group/file perms does your dovecot.log > file have? > > - Michael > >I log dovecot via syslog to [/var/log/]maillog, rather than its own log file. That file is owned root.root and has permissions of 600.
Well, I tried the same but it didn't work.
Setting my dovecot.log to 600 with root:root is breaking my mail system.
I am then unable to receive and open emails.
Had to apply an ugly hack
/var/log/dovecot*.log {
su syslog syslog
create 666 syslog syslog
rotate 10
...
}
Like that anyone who wants to access/write to it, can do it and all works.
That's my problem. Do not know who/what/how to set this up correctly.
- Michael
On 19/03/17 15:12, Richard wrote:>
>> Date: Sunday, March 19, 2017 14:56:01 +1300
>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>
>> On 19/03/17 13:43, Richard wrote:
>>>> Date: Sunday, March 19, 2017 13:32:57 +1300
>>>> From: Michael Heuberger <michael.heuberger at
binarykitchen.com>
>>>>
>>>> Hello guys
>>>>
>>>> Having headaches here how to make logrotation for dovecot log
>>>> files work. Having permission issues:
>>>>
>>>> michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv
>>>> dovecot.daily
>>>> ?
>>>> reading config file dovecot.daily
>>>>
>>>> Handling 1 logs
>>>>
>>>> rotating pattern: /var/log/dovecot*.log forced from command
line
>>>> (10 rotations)
>>>> empty log files are rotated, old logs are removed
>>>> considering log /var/log/dovecot.log
>>>> error: skipping "/var/log/dovecot.log" because parent
directory
>>>> has insecure permissions (It's world writable or writable
by group
>>>> which is not "root") Set "su" directive in
config file to tell
>>>> logrotate which user/group should be used for rotation.
>>>>
>>>> This is my current logrotation conf for dovecot:
>>>>
>>>> /var/log/dovecot*.log {
>>>> rotate 10
>>>> missingok
>>>> sharedscripts
>>>> postrotate
>>>> doveadm log reopen
>>>> endscript
>>>> }
>>>>
>>>> And the /var/log folder has these permissions:
>>>>
>>>> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
>>>>
>>>> Any clues what's wrong?
>>> As the message says:
>>>
>>> > because parent directory has insecure permissions
>>> > (It's world writable or writable by group which
>>> > is not "root")
>>>
>>> > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
>>>
>>> On my RHEL derived systems, /var/log is root.root (and even then,
>>> is not writable by group).
>> Thank you. And what user/group/file perms does your dovecot.log
>> file have?
>>
>> - Michael
>>
>>
> I log dovecot via syslog to [/var/log/]maillog, rather than its own
> log file. That file is owned root.root and has permissions of 600.
--
Binary Kitchen
Michael Heuberger
1/33 Parrish Road
Sandringham
Auckland 1025
(New Zealand)
Mobile (text only) ... +64 21 261 89 81
Email ................ michael at binarykitchen.com
Website .............. http://www.binarykitchen.com
Please don't top post. On 18-03-2017 22:56, Michael Heuberger wrote:> Thank you. And what user/group/file perms does your dovecot.log file have? >Here I have drwxr-xr-x 2 root root 4096 Mar 19 06:25 /var/log/dovecot/ And the files are -rw------- 1 root root 4110 Mar 19 07:57 info.log -rw------- 1 root root 0 Mar 19 06:25 main.log -- No-one would remember the Good Samaritan if he had only had good intentions. He had money as well. -- Margaret Thatcher Eduardo M KALINOWSKI eduardo at kalinowski.com.br
Michael, You should probably just chmod 600 your dovecot.log file. Here's mine (debian 8): root at messagerie-secours[CHROOT][10.10.10.19] ~ # ls /var/log/dovecot.log -rw------- 1 root root 8.3M Mar 22 16:40 /var/log/dovecot.log root at messagerie-secours[CHROOT][10.10.10.19] ~ # And here are the permissions for my /var/log directory : root at messagerie-secours[CHROOT][10.10.10.19] ~ # ls -d /var/log/ drwxr-xr-x 11 root root 4.0K Mar 22 06:25 /var/log/ root at messagerie-secours[CHROOT][10.10.10.19] ~ # -- Yassine.