Well, I tried the same but it didn't work.

Setting my dovecot.log to 600 with root:root is breaking my mail system. I am then unable to receive and open emails.

Had to apply an ugly hack

/var/log/dovecot*.log {
    su syslog syslog
    create 666 syslog syslog
    rotate 10
    ...
}

Like that anyone who wants to access/write to it, can do it and all works.

That's my problem. Do not know who/what/how to set this up correctly.

- Michael

On 19/03/17 15:12, Richard wrote:
>
>> Date: Sunday, March 19, 2017 14:56:01 +1300
>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>
>> On 19/03/17 13:43, Richard wrote:
>>>> Date: Sunday, March 19, 2017 13:32:57 +1300
>>>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>>>
>>>> Hello guys
>>>>
>>>> Having headaches here how to make logrotation for dovecot log
>>>> files work. Having permission issues:
>>>>
>>>> michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv
>>>> dovecot.daily
>>>> ?
>>>> reading config file dovecot.daily
>>>>
>>>> Handling 1 logs
>>>>
>>>> rotating pattern: /var/log/dovecot*.log forced from command line
>>>> (10 rotations)
>>>> empty log files are rotated, old logs are removed
>>>> considering log /var/log/dovecot.log
>>>> error: skipping "/var/log/dovecot.log" because parent directory
>>>> has insecure permissions (It's world writable or writable by group
>>>> which is not "root") Set "su" directive in config file to tell
>>>> logrotate which user/group should be used for rotation.
>>>>
>>>> This is my current logrotation conf for dovecot:
>>>>
>>>> /var/log/dovecot*.log {
>>>>     rotate 10
>>>>     missingok
>>>>     sharedscripts
>>>>     postrotate
>>>>         doveadm log reopen
>>>>     endscript
>>>> }
>>>>
>>>> And the /var/log folder has these permissions:
>>>>
>>>> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
>>>>
>>>> Any clues what's wrong?
>>> As the message says:
>>>
>>> > because parent directory has insecure permissions
>>> > (It's world writable or writable by group which
>>> > is not "root")
>>>
>>> > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
>>>
>>> On my RHEL derived systems, /var/log is root.root (and even then,
>>> is not writable by group).
>> Thank you. And what user/group/file perms does your dovecot.log
>> file have?
>>
>> - Michael
>>
>>
> I log dovecot via syslog to [/var/log/]maillog, rather than its own
> log file. That file is owned root.root and has permissions of 600.

-- 
Binary Kitchen
Michael Heuberger
1/33 Parrish Road
Sandringham
Auckland 1025 (New Zealand)

Mobile (text only) ... +64 21 261 89 81
Email ................ michael at binarykitchen.com
Website .............. http://www.binarykitchen.com
> Date: Sunday, March 19, 2017 15:28:35 +1300
> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>
> On 19/03/17 15:12, Richard wrote:
>>
>>> Date: Sunday, March 19, 2017 14:56:01 +1300
>>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>>
>>> On 19/03/17 13:43, Richard wrote:
>>>>> Date: Sunday, March 19, 2017 13:32:57 +1300
>>>>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>>>>
>>>>> Hello guys
>>>>>
>>>>> Having headaches here how to make logrotation for dovecot log
>>>>> files work. Having permission issues:
>>>>>
>>>>> michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv
>>>>> dovecot.daily
>>>>> ?
>>>>> reading config file dovecot.daily
>>>>>
>>>>> Handling 1 logs
>>>>>
>>>>> rotating pattern: /var/log/dovecot*.log forced from command
>>>>> line (10 rotations)
>>>>> empty log files are rotated, old logs are removed
>>>>> considering log /var/log/dovecot.log
>>>>> error: skipping "/var/log/dovecot.log" because parent directory
>>>>> has insecure permissions (It's world writable or writable by
>>>>> group which is not "root") Set "su" directive in config file to
>>>>> tell logrotate which user/group should be used for rotation.
>>>>>
>>>>> This is my current logrotation conf for dovecot:
>>>>>
>>>>> /var/log/dovecot*.log {
>>>>>     rotate 10
>>>>>     missingok
>>>>>     sharedscripts
>>>>>     postrotate
>>>>>         doveadm log reopen
>>>>>     endscript
>>>>> }
>>>>>
>>>>> And the /var/log folder has these permissions:
>>>>>
>>>>> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
>>>>>
>>>>> Any clues what's wrong?
>>>> As the message says:
>>>>
>>>> > because parent directory has insecure permissions
>>>> > (It's world writable or writable by group which
>>>> > is not "root")
>>>>
>>>> > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
>>>>
>>>> On my RHEL derived systems, /var/log is root.root (and even then,
>>>> is not writable by group).
>>> Thank you. And what user/group/file perms does your dovecot.log
>>> file have?
>>>
>>> - Michael
>>>
>>>
>> I log dovecot via syslog to [/var/log/]maillog, rather than its own
>> log file. That file is owned root.root and has permissions of 600.
> Well, I tried the same but it didn't work.
>
> Setting my dovecot.log to 600 with root:root is breaking my mail
> system. I am then unable to receive and open emails.
>
> Had to apply an ugly hack
>
> /var/log/dovecot*.log {
>     su syslog syslog
>     create 666 syslog syslog
>     rotate 10
>     ...
> }
>
> Like that anyone who wants to access/write to it, can do it and all
> works.
>
> That's my problem. Do not know who/what/how to set this up
> correctly.
>
> - Michael
>

I would be inclined to just log dovecot to the syslog mail facility, which I believe is the default (in 10-logging.conf) -- in the RHEL setup anyway, and what I do:

    log_path = syslog

    syslog_facility = mail
Well, I'd rather have dovecot log alone in one log file.

My initial question is what user/group and file permissions to use??

On 19/03/17 15:40, Richard wrote:
>
>> Date: Sunday, March 19, 2017 15:28:35 +1300
>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>
>> On 19/03/17 15:12, Richard wrote:
>>>> Date: Sunday, March 19, 2017 14:56:01 +1300
>>>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>>>
>>>> On 19/03/17 13:43, Richard wrote:
>>>>>> Date: Sunday, March 19, 2017 13:32:57 +1300
>>>>>> From: Michael Heuberger <michael.heuberger at binarykitchen.com>
>>>>>>
>>>>>> Hello guys
>>>>>>
>>>>>> Having headaches here how to make logrotation for dovecot log
>>>>>> files work. Having permission issues:
>>>>>>
>>>>>> michael.heuberger at xxx /e/l/daily ??? sudo logrotate -fv
>>>>>> dovecot.daily
>>>>>> ?
>>>>>> reading config file dovecot.daily
>>>>>>
>>>>>> Handling 1 logs
>>>>>>
>>>>>> rotating pattern: /var/log/dovecot*.log forced from command
>>>>>> line (10 rotations)
>>>>>> empty log files are rotated, old logs are removed
>>>>>> considering log /var/log/dovecot.log
>>>>>> error: skipping "/var/log/dovecot.log" because parent directory
>>>>>> has insecure permissions (It's world writable or writable by
>>>>>> group which is not "root") Set "su" directive in config file to
>>>>>> tell logrotate which user/group should be used for rotation.
>>>>>>
>>>>>> This is my current logrotation conf for dovecot:
>>>>>>
>>>>>> /var/log/dovecot*.log {
>>>>>>     rotate 10
>>>>>>     missingok
>>>>>>     sharedscripts
>>>>>>     postrotate
>>>>>>         doveadm log reopen
>>>>>>     endscript
>>>>>> }
>>>>>>
>>>>>> And the /var/log folder has these permissions:
>>>>>>
>>>>>> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
>>>>>>
>>>>>> Any clues what's wrong?
>>>>> As the message says:
>>>>>
>>>>> > because parent directory has insecure permissions
>>>>> > (It's world writable or writable by group which
>>>>> > is not "root")
>>>>>
>>>>> > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
>>>>>
>>>>> On my RHEL derived systems, /var/log is root.root (and even then,
>>>>> is not writable by group).
>>>> Thank you. And what user/group/file perms does your dovecot.log
>>>> file have?
>>>>
>>>> - Michael
>>>>
>>>>
>>> I log dovecot via syslog to [/var/log/]maillog, rather than its own
>>> log file. That file is owned root.root and has permissions of 600.
>> Well, I tried the same but it didn't work.
>>
>> Setting my dovecot.log to 600 with root:root is breaking my mail
>> system. I am then unable to receive and open emails.
>>
>> Had to apply an ugly hack
>>
>> /var/log/dovecot*.log {
>>     su syslog syslog
>>     create 666 syslog syslog
>>     rotate 10
>>     ...
>> }
>>
>> Like that anyone who wants to access/write to it, can do it and all
>> works.
>>
>> That's my problem. Do not know who/what/how to set this up
>> correctly.
>>
>> - Michael
>>
> I would be inclined to just log dovecot to the syslog mail facility,
> which I believe is the default (in 10-logging.conf) -- in the RHEL
> setup anyway, and what I do:
>
> log_path = syslog
>
> syslog_facility = mail

-- 
Binary Kitchen
Michael Heuberger
1/33 Parrish Road
Sandringham
Auckland 1025 (New Zealand)

Mobile (text only) ... +64 21 261 89 81
Email ................ michael at binarykitchen.com
Website .............. http://www.binarykitchen.com
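
Added example, not part of any message in this thread: a shell check for the two conditions discussed above, the parent-directory test quoted in logrotate's error and the world-writable mode produced by `create 666`. The function names are hypothetical and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from logrotate or Dovecot.

# parent_is_insecure MODE GROUP
# Exit 0 when a directory with octal MODE owned by GROUP matches the wording
# of the logrotate error: world writable, or writable by a group that is
# not "root".
parent_is_insecure() {
    mode=$(( 0$1 ))                      # leading 0 makes the value octal
    if [ $(( mode & 0002 )) -ne 0 ]; then
        return 0                         # other-write bit set
    fi
    if [ $(( mode & 0020 )) -ne 0 ] && [ "$2" != "root" ]; then
        return 0                         # group-write bit set, group not root
    fi
    return 1
}

# log_is_world_writable MODE
# Exit 0 when a file with octal MODE has the other-write bit set, as a file
# created with mode 666 does.
log_is_world_writable() {
    [ $(( 0$1 & 0002 )) -ne 0 ]
}

# audit_log PATH
# Print one line per finding for PATH and its parent directory.
# Exit 0 when nothing was found, 1 otherwise.
audit_log() {
    log=$1
    dir=$(dirname -- "$log")
    rc=0
    if parent_is_insecure "$(stat -c %a "$dir")" "$(stat -c %G "$dir")"; then
        echo "$dir: world writable or writable by a non-root group; logrotate needs 'su'"
        rc=1
    fi
    if log_is_world_writable "$(stat -c %a "$log")"; then
        echo "$log: world writable, any local user can alter or truncate it"
        rc=1
    fi
    return $rc
}
```

Run `audit_log /var/log/dovecot.log` as root; a non-zero exit means at least one finding was printed.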