On October 19, 2021, we have enabled single-sign-on for our Plesk Support Center to provide a seamless login/account experience. This implies that you’ll be able to use a single account across any of our web-facing properties.
If you had already registered your account at Plesk 360 (formerly known as My Plesk) please use one for login. Otherwise please re-register it using the same email address as your existing Zendesk login (support account). It’s essential that you use the same email address on our support center to ensure that your tickets stay attached to the same account.

Articles in this section

See more

Logrotate cron task in Plesk fails: skipping because parent directory has insecure permissions

Avatar
Renan Genova Ferreira
Updated
Follow
Plesk for Linux kb: technical ABT: Group A

Applicable to:

  • Plesk for Linux

Symptoms

The Plesk administrator receives alerts with the following content indicating the task /etc/cron.daily/logrotate failed:

CONFIG_TEXT: /etc/cron.daily/logrotate
error: skipping "/var/log/newrelic/php_agent.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/newrelic/nrsysmond.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
run-parts: /etc/cron.daily/logrotate exited with return code 1

Cause

Incorrect permissions and/or ownership on parent directory/directories.

Resolution

  1. Connect to the server via SSH.

  2. Set the correct permissions and ownerships on the parent directories:

    # chmod 755 /var/log/ && chown root:root /var/log/
    # chmod 755 /var/log/newrelic && chown root:root /var/log/newrelic
    # chmod 755 /var && chown root:root /var

Note: if Ubuntu is used, make sure that su root syslog is included into /etc/logrotate.conf file:

# head /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# use the syslog group by default, since this is the owning group
# of /var/log/syslog.
su root syslog

# keep 4 weeks worth of backlogs
rotate 4

Comments

1 comment

Sort by Date Votes
  • Avatar
    Automata

    SYSTEM SPECIFICATIONS

     

    Operating system:

    Ubuntu 20.04.1 LTS

    Plesk version:
    Plesk Obsidian v18.0.32_build1800201211.19

     

    Server:

    Dedicated server - AMD Ryzen 7 3700X

     

    My logrotate.conf file:

    # see "man logrotate" for details
    # rotate log files weekly
    weekly
     
    # use the adm group by default, since this is the owning group
    # of /var/log/syslog.
    su root adm
     
    # keep 4 weeks worth of backlogs
    rotate 4
     
    # create new (empty) log files after rotating old ones
    create
     
    # use date as a suffix of the rotated file
    dateext
     
    # uncomment this if you want your log files compressed
    compress
     
    # packages drop log rotation information into this directory
    include /etc/logrotate.d
     
    # system-specific logs may be also be configured here.

     

    Hi,

     

    I state that I have already followed your official guide available at this link https://support.plesk.com/hc/en-us/articles/360006381154-Logrotate-cron-task-in-Plesk-fails-skipping-because-parent-directory-has-insecure-permissions and it does not work.

    Logrotate doesn't work, in fact if I run this command:

    # logrotate -f /etc/logrotate.d/rsyslog

     

    I get these errors:

    error: skipping "/var/log/syslog" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/mail.info" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/mail.warn" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/mail.err" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/mail.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/daemon.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/kern.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/auth.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/user.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/lpr.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/cron.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/debug" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    error: skipping "/var/log/messages" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

     

    You in your official guide suggest this:

    Set the correct permissions and ownerships on the parent directories:

     

    # chmod 755 /var/log/ && chown root:root /var/log/
    # chmod 755 /var/log/newrelic && chown root:root /var/log/newrelic
    # chmod 755 /var && chown root:root /var

     

    Note: if Ubuntu is used, make sure that su root syslog is included into /etc/logrotate.conf file:

     

    # head /etc/logrotate.conf
    # see "man logrotate" for details
    # rotate log files weekly
    weekly

    # use the syslog group by default, since this is the owning group
    # of /var/log/syslog.
    su root syslog

    # keep 4 weeks worth of backlogs
    rotate 4

     

    I can confirm the problem apparently seems to be solved by using this in the logrotate.conf file configuration:

     

    # use the adm group by default, since this is the owning group
    # of /var/log/syslog.
    su root adm

     

    or this

     

    # use the syslog group by default, since this is the owning group

    # of /var/log/syslog.

    su root syslog


    The problem is that if you restart the server, Logrotate it doesn't work anymore and always keeps giving the errors that I posted above.

     

    Also if you use these commands that you have indicated in your official guide:

     

    # chmod 755 /var/log/ && chown root:root /var/log/
    # chmod 755 /var/log/newrelic && chown root:root /var/log/newrelic
    # chmod 755 /var && chown root:root /var

     

    going to Plesk> Tools & Settings> Diagnose & Repair and checking the File System item you have these errors:

    The operation failed with the following error: {"id":1,"cmd":"plesk repair fs -n","type":"progress","message":"Checking Linux system files","level":0} {"id":2,"cmd":"plesk repair fs -n","type":"error","message":"There are incorrect permissions on some items: \/var\/log","level":1} {"id":3,"cmd":"plesk repair fs -n","type":"progress","message":"Checking virtual hosts' file system","level":0} {"id":3,"cmd":"plesk repair fs -n","type":"success","message":"Checking virtual hosts' file system","level":0}

     

    And once you click on Repair, Plesk automatically cancels the commands you indicated in your guide:

    # chmod 755 /var/log/ && chown root:root /var/log/
    # chmod 755 /var/log/newrelic && chown root:root /var/log/newrelic
    # chmod 755 /var && chown root:root /var

     

    So I ask someone from the Plesk Support Team to tell me how to solve this problem which is absolutely not up to me but it is a Plesk BUG and how to solve this problem because I have log files of tens and tens of GB and not I would like to fill all my NVME HDD due to this Plesk Bug.

     

    Thanks in advance for the support.

    Sincerely, Automata.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles