On Wed, 3 Jan 2018 13:37:07 -0500
Timo Sirainen <t...@iki.fi> wrote:

> On 3 Jan 2018, at 11.38, Rob Hoelz <rob+dove...@hoelz.ro> wrote:
> >
> > Hi dovecot developers and users,
> >
> > I recently upgraded my server running Arch Linux to dovecot 2.3.0,
> > and I noticed some of my cron jobs started issuing me error
> > messages. These cron jobs run as a non-root user associated with
> > my mail account, and they use doveadm to tidy things up (ex.
> > purging the trash, moving old mail in certain folders into the
> > trash). The error message is:
> >
> >> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
> >> Permission denied
> >
> > I assume this is doveadm trying to participate in the new 2.3 stats
> > process, and after reading the code a bit, I can't see a way to tell
> > doveadm to not connect to the stats writer. The socket is owned by
> > root with 600 permissions.
> >
> > What would be the right way to remedy this? AFAICT, I could
> > potentially run doveadm as root (which I would prefer to avoid), or
> > I could change the permissions on the stats writer socket, but I
> > would hate to introduce any sort of security vulnerability by doing
> > so. I currently have a scrappy Perl script that just runs doveadm
> > and filters out the error message (it doesn't seem to affect the
> > behavior of doveadm other than the message), but that feels dirty
> > and I would prefer a cleaner solution. Any advice?
>
> I was wondering what to do about this while developing it. I think
> you can disable this by clearing out the socket path:
>
> doveadm -o stats_writer_socket_path=
>
> But .. I think changing the socket permissions is the better
> solution. The new stats process should know about everything that is
> going on in the system, and these doveadm calls are part of that. So
> if they're excluded then the stats aren't exactly correct. The
> stats-writer can't do all that much harm other than messing up the
> statistics or probably crashing the stats process by using up all of
> its memory.
>

Thanks for the advice, Timo - I went ahead and applied the permission
change to my dovecot config.

On a side note, thanks for dovecot in general - it's a great piece of
software!

-Rob
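
The permission change discussed in this thread, written out as an added example; it is not taken from either poster's configuration or from the Dovecot project. It scopes the stats-writer socket to one group instead of opening it to all local users. The group name "vmail" and the file location are assumptions.

```conf
# Added example, not from the thread. Assumed placement: a Dovecot 2.3
# config file such as conf.d/10-master.conf. "vmail" is a placeholder
# for a group that contains the account running the doveadm cron jobs.
service stats {
  unix_listener stats-writer {
    # No "user =" line here, so this block does not change the
    # socket's owner; only the group and mode are set.
    group = vmail
    # 0660: owner and group may connect, other local users may not.
    mode = 0660
  }
}

# Broader alternative, shown for contrast and left commented out.
# mode = 0666 would let every local account write to the socket,
# which by Timo's description above means every local account could
# skew the statistics or push the stats process into using up its
# memory.
#
# service stats {
#   unix_listener stats-writer {
#     mode = 0666
#   }
# }
```

After reloading Dovecot, `ls -l /var/run/dovecot/stats-writer` should show the group and mode set above.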