Logrotate cron task in Plesk fails: skipping because parent directory has insecure permissions

Follow

Comments

1 comment

  • Avatar
    Automata

    SYSTEM SPECIFICATIONS

     

    Operating system:

    Ubuntu 20.04.1 LTS

    Plesk version:
    Plesk Obsidian v18.0.32_build1800201211.19

     

    Server:

    Dedicated server - AMD Ryzen 7 3700X

     

    My logrotate.conf file:

    # see "man logrotate" for details
    # rotate log files weekly
    weekly
     
    # use the adm group by default, since this is the owning group
    # of /var/log/syslog.
    su root adm
     
    # keep 4 weeks worth of backlogs
    rotate 4
     
    # create new (empty) log files after rotating old ones
    create
     
    # use date as a suffix of the rotated file
    dateext
     
    # uncomment this if you want your log files compressed
    compress
     
    # packages drop log rotation information into this directory
    include /etc/logrotate.d
     
    # system-specific logs may be also be configured here.

     

    Hi,

     

    I state that I have already followed your official guide available at this link https://support.plesk.com/hc/en-us/articles/360006381154-Logrotate-cron-task-in-Plesk-fails-skipping-because-parent-directory-has-insecure-permissions and it does not work.

    Logrotate doesn't work, in fact if I run this command:

    # logrotate -f /etc/logrotate.d/rsyslog

     

    I get these errors:

    error: skipping "/var/log/syslog" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/mail.info" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/mail.warn" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/mail.err" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/mail.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/daemon.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/kern.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/auth.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/user.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/lpr.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/cron.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/debug" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/messages" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

     

    You in your official guide suggest this:

    Set the correct permissions and ownerships on the parent directories:

     

    # chmod 755 /var/log/ && chown root:root /var/log/
    # chmod 755 /var/log/newrelic && chown root:root /var/log/newrelic
    # chmod 755 /var && chown root:root /var

     

    Note: if Ubuntu is used, make sure that su root syslog is included into /etc/logrotate.conf file:

     

    # head /etc/logrotate.conf
    # see "man logrotate" for details
    # rotate log files weekly
    weekly

    # use the syslog group by default, since this is the owning group
    # of /var/log/syslog.
    su root syslog

    # keep 4 weeks worth of backlogs
    rotate 4

     

    I can confirm the problem apparently seems to be solved by using this in the logrotate.conf file configuration:

     

    # use the adm group by default, since this is the owning group
    # of /var/log/syslog.
    su root adm

     

    or this

     

    # use the syslog group by default, since this is the owning group

    # of /var/log/syslog.

    su root syslog


    The problem is that if you restart the server, Logrotate it doesn't work anymore and always keeps giving the errors that I posted above.

     

    Also if you use these commands that you have indicated in your official guide:

     

    # chmod 755 /var/log/ && chown root:root /var/log/
    # chmod 755 /var/log/newrelic && chown root:root /var/log/newrelic
    # chmod 755 /var && chown root:root /var

     

    going to Plesk> Tools & Settings> Diagnose & Repair and checking the File System item you have these errors:

    The operation failed with the following error: {"id":1,"cmd":"plesk repair fs -n","type":"progress","message":"Checking Linux system files","level":0} {"id":2,"cmd":"plesk repair fs -n","type":"error","message":"There are incorrect permissions on some items: \/var\/log","level":1} {"id":3,"cmd":"plesk repair fs -n","type":"progress","message":"Checking virtual hosts' file system","level":0} {"id":3,"cmd":"plesk repair fs -n","type":"success","message":"Checking virtual hosts' file system","level":0}

     

    And once you click on Repair, Plesk automatically cancels the commands you indicated in your guide:

    # chmod 755 /var/log/ && chown root:root /var/log/
    # chmod 755 /var/log/newrelic && chown root:root /var/log/newrelic
    # chmod 755 /var && chown root:root /var

     

    So I ask someone from the Plesk Support Team to tell me how to solve this problem which is absolutely not up to me but it is a Plesk BUG and how to solve this problem because I have log files of tens and tens of GB and not I would like to fill all my NVME HDD due to this Plesk Bug.

     

    Thanks in advance for the support.

    Sincerely, Automata.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request