> Date: Sunday, March 19, 2017 15:28:35 +1300
> From: Michael Heuberger <michael.heuber...@binarykitchen.com>
>
> On 19/03/17 15:12, Richard wrote:
>>
>>> Date: Sunday, March 19, 2017 14:56:01 +1300
>>> From: Michael Heuberger <michael.heuber...@binarykitchen.com>
>>>
>>> On 19/03/17 13:43, Richard wrote:
>>>>> Date: Sunday, March 19, 2017 13:32:57 +1300
>>>>> From: Michael Heuberger <michael.heuber...@binarykitchen.com>
>>>>>
>>>>> Hello guys
>>>>>
>>>>> Having headaches here how to make logrotation for dovecot log
>>>>> files work. Having permission issues:
>>>>>
>>>>> michael.heuberger@xxx /e/l/daily ❯❯❯ sudo logrotate -fv
>>>>> dovecot.daily
>>>>> ⏎
>>>>> reading config file dovecot.daily
>>>>>
>>>>> Handling 1 logs
>>>>>
>>>>> rotating pattern: /var/log/dovecot*.log forced from command
>>>>> line (10 rotations)
>>>>> empty log files are rotated, old logs are removed
>>>>> considering log /var/log/dovecot.log
>>>>> error: skipping "/var/log/dovecot.log" because parent directory
>>>>> has insecure permissions (It's world writable or writable by
>>>>> group which is not "root") Set "su" directive in config file to
>>>>> tell logrotate which user/group should be used for rotation.
>>>>>
>>>>> This is my current logrotation conf for dovecot:
>>>>>
>>>>> /var/log/dovecot*.log {
>>>>>     rotate 10
>>>>>     missingok
>>>>>     sharedscripts
>>>>>     postrotate
>>>>>         doveadm log reopen
>>>>>     endscript
>>>>> }
>>>>>
>>>>> And the /var/log folder has these permissions:
>>>>>
>>>>> drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
>>>>>
>>>>> Any clues what's wrong?
>>>> As the message says:
>>>>
>>>> > because parent directory has insecure permissions
>>>> > (It's world writable or writable by group which
>>>> > is not "root")
>>>>
>>>> > drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log
>>>>
>>>> On my RHEL derived systems, /var/log is root.root (and even then,
>>>> is not writable by group).
>>> Thank you. And what user/group/file perms does your dovecot.log
>>> file have?
>>>
>>> - Michael
>>>
>>>
>> I log dovecot via syslog to [/var/log/]maillog, rather than its own
>> log file. That file is owned root.root and has permissions of 600.
> Well, I tried the same but it didn't work.
>
> Setting my dovecot.log to 600 with root:root is breaking my mail
> system. I am then unable to receive and open emails.
>
> Had to apply an ugly hack
>
> /var/log/dovecot*.log {
>     su syslog syslog
>     create 666 syslog syslog
>     rotate 10
>     ...
> }
>
> Like that anyone who wants to access/write to it, can do it and all
> works.
>
> That's my problem. Do not know who/what/how to set this up
> correctly.
>
> - Michael
>

I would be inclined to just log dovecot to the syslog mail facility,
which I believe is the default (in 10-logging.conf) -- in the RHEL
setup anyway, and what I do:

    log_path = syslog
    syslog_facility = mail
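
Added example (not part of the original thread, and not logrotate's own code): a Python check that applies the condition quoted in the error message to the `ls` line from the thread, then looks at each stanza for a `su` directive and a world-writable `create` mode. The function names are hypothetical, and the group is compared by name ("root") rather than by numeric gid, which is an assumption.

```python
import stat

# Inputs copied from the thread above (the elided "..." in the second stanza is left out).
VAR_LOG_LS = "drwxrwxr-x 12 root syslog 4.0K Mar 19 12:43 log"
ORIGINAL = """/var/log/dovecot*.log {
    rotate 10
    missingok
    sharedscripts
    postrotate
        doveadm log reopen
    endscript
}"""
WORKAROUND = """/var/log/dovecot*.log {
    su syslog syslog
    create 666 syslog syslog
    rotate 10
}"""


def parent_dir_problem(ls_line):
    """Apply the condition in logrotate's error text to an `ls -ld` line."""
    perms, _links, _owner, group = ls_line.split()[:4]
    if perms[8] == "w":  # "other" write bit
        return "world writable"
    if perms[5] == "w" and group != "root":  # group write bit, non-root group
        return f"writable by group {group}"
    return None


def audit(ls_line, stanza):
    """Return findings for one stanza and the listing of its log directory."""
    directives = [line.split() for line in stanza.splitlines() if line.split()]
    has_su = any(d[0] == "su" for d in directives)
    findings = []
    problem = parent_dir_problem(ls_line)
    if problem and not has_su:
        findings.append(f"parent directory {problem}, no su directive: rotation is skipped")
    for d in directives:
        # `create` may also appear without a mode; only an octal mode is checked here.
        if d[0] == "create" and len(d) > 1 and set(d[1]) <= set("01234567"):
            if int(d[1], 8) & stat.S_IWOTH:
                findings.append(f"create {d[1]}: any local user can write to the new log")
    return findings


if __name__ == "__main__":
    for name, stanza in (("original", ORIGINAL), ("workaround", WORKAROUND)):
        print(name, audit(VAR_LOG_LS, stanza))
```

The first stanza reproduces the skip reported by `logrotate -fv`; the second rotates, but leaves a log that every local account can modify.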