Logrotate cron task in Plesk fails: skipping because parent directory has insecure permissions

• 

  Automata December 22, 2020 02:02

  SYSTEM SPECIFICATIONS

   

  Operating system:

  Ubuntu 20.04.1 LTS
  
  Plesk version:
  Plesk Obsidian v18.0.32_build1800201211.19

   

  Server:

  Dedicated server - AMD Ryzen 7 3700X

   

  My logrotate.conf file:

  # see "man logrotate" for details

  # rotate log files weekly

  weekly

   

  # use the adm group by default, since this is the owning group

  # of /var/log/syslog.

  su root adm

   

  # keep 4 weeks worth of backlogs

  rotate 4

   

  # create new (empty) log files after rotating old ones

  create

   

  # use date as a suffix of the rotated file

  dateext

   

  # uncomment this if you want your log files compressed

  compress

   

  # packages drop log rotation information into this directory

  include /etc/logrotate.d

   

  # system-specific logs may be also be configured here.

   

  Hi,

   

  I state that I have already followed your official guide available at this link https://support.plesk.com/hc/en-us/articles/360006381154-Logrotate-cron-task-in-Plesk-fails-skipping-because-parent-directory-has-insecure-permissions and it does not work.
  
  Logrotate doesn't work, in fact if I run this command:
  
  # logrotate -f /etc/logrotate.d/rsyslog

   

  I get these errors:
  
  

  error: skipping "/var/log/syslog" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

  error: skipping "/var/log/mail.info" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

  error: skipping "/var/log/mail.warn" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

  error: skipping "/var/log/mail.err" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

  error: skipping "/var/log/mail.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

  error: skipping "/var/log/daemon.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

  error: skipping "/var/log/kern.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

  error: skipping "/var/log/auth.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

  error: skipping "/var/log/user.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

  error: skipping "/var/log/lpr.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

  error: skipping "/var/log/cron.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

  error: skipping "/var/log/debug" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

  error: skipping "/var/log/messages" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

   

  You in your official guide suggest this:
  
  

  Set the correct permissions and ownerships on the parent directories:

   

  # chmod 755 /var/log/ && chown root:root /var/log/
  # chmod 755 /var/log/newrelic && chown root:root /var/log/newrelic
  # chmod 755 /var && chown root:root /var

   

  Note: if Ubuntu is used, make sure that su root syslog is included into /etc/logrotate.conf file:

   

  # head /etc/logrotate.conf
  # see "man logrotate" for details
  # rotate log files weekly
  weekly
  
  # use the syslog group by default, since this is the owning group
  # of /var/log/syslog.
  su root syslog
  
  # keep 4 weeks worth of backlogs
  rotate 4

   

  I can confirm the problem apparently seems to be solved by using this in the logrotate.conf file configuration:

   

  # use the adm group by default, since this is the owning group

  # of /var/log/syslog.

  su root adm

   

  or this

   

  # use the syslog group by default, since this is the owning group

  # of /var/log/syslog.

  su root syslog

  
  The problem is that if you restart the server, Logrotate it doesn't work anymore and always keeps giving the errors that I posted above.

   

  Also if you use these commands that you have indicated in your official guide:

   

  # chmod 755 /var/log/ && chown root:root /var/log/
  # chmod 755 /var/log/newrelic && chown root:root /var/log/newrelic
  # chmod 755 /var && chown root:root /var

   

  going to Plesk> Tools & Settings> Diagnose & Repair and checking the File System item you have these errors:
  
  The operation failed with the following error: {"id":1,"cmd":"plesk repair fs -n","type":"progress","message":"Checking Linux system files","level":0} {"id":2,"cmd":"plesk repair fs -n","type":"error","message":"There are incorrect permissions on some items: \/var\/log","level":1} {"id":3,"cmd":"plesk repair fs -n","type":"progress","message":"Checking virtual hosts' file system","level":0} {"id":3,"cmd":"plesk repair fs -n","type":"success","message":"Checking virtual hosts' file system","level":0}

   

  And once you click on Repair, Plesk automatically cancels the commands you indicated in your guide:
  
  # chmod 755 /var/log/ && chown root:root /var/log/
  # chmod 755 /var/log/newrelic && chown root:root /var/log/newrelic
  # chmod 755 /var && chown root:root /var

   

  So I ask someone from the Plesk Support Team to tell me how to solve this problem which is absolutely not up to me but it is a Plesk BUG and how to solve this problem because I have log files of tens and tens of GB and not I would like to fill all my NVME HDD due to this Plesk Bug.

   

  Thanks in advance for the support.
  
  Sincerely, Automata.

  0

  Comment actions Permalink

Please sign in to leave a comment.