On 11:29 Mon 26 Nov, Marcus Frings wrote:
> Hi Apollon,
>
> On Sun, 25 Nov 2018 20:22:11 +0200, Apollon Oikonomopoulos
> <apoi...@debian.org> wrote:
>
> > The issue described in the upstream mailing list is a bit different,
> > as it applies to dovecot 2.3.1. Dovecot 2.3.1 by default set the
> > stats-writer permissions to root:root, 0600. In 2.3.2 this was
> > relaxed to root:dovecot, 0660, which means that if you add your plain
> > user to the dovecot group, doveadm should work fine. Can you try this
> > out? If it works, I'll add a note in README.Debian about running
> > doveadm as non-root.
>
> I reverted my manual change of permissions
> for /var/run/dovecot/stats-writer from 666 (suggested at the dovecot
> mailing list) to 660 (Debian's current default) and added my
> user to the dovecot group: I can confirm that running doveadm as a normal
> user now allows the nightly maintenance work (such as expunging mails).
> Hence, it seems to work fine.
>
> But do you think that this is the way to go (to add ordinary users to
> the dovecot group)?
It all comes down to the following question: do we trust everyone on the
system to submit dovecot stats or not? For some people it might be okay
to just change permissions to 0666. OTOH, upstream seems to be more
conservative about this.

Regarding the dovecot group, upstream notes the following:

  commit 5cf6951e37bd37bb11b3335a3dbd029065143454
  Author: Timo Sirainen <timo.sirai...@dovecot.fi>
  Date:   Wed Feb 7 13:03:23 2018 +0200

      master: Add default_internal_group setting, defaulting to "dovecot"

      It's expected that this is the primary group of the default_internal_user.
      This group will be used to provide access to sockets that are generally
      required by all Dovecot processes, but aren't safe enough to be allowed
      completely open access from untrusted processes.

So, it looks like the intention is precisely to allow more fine-grained
access control for certain sockets.

Finally, bear in mind that doveadm is an administrative tool and not
meant to be run by "regular" users. For instance, it will fail if the
user invoking it does not have read permissions on all files under
/etc/dovecot/conf.d.

Regards,
Apollon
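The permission question the two messages above turn on, as an added example that is not code from the bug report, from Debian or from Dovecot: a small POSIX sh script that decides, for a root-owned unix socket such as /var/run/dovecot/stats-writer, whether the calling user gets in through the "other" write bit (the 0666 workaround), through the group write bit plus membership in the socket's group (the root:dovecot 0660 default), or not at all (the 2.3.1 root:root 0600 default). It checks the write bits because connect(2) on an AF_UNIX socket requires write permission on the socket file. The socket path and the "dovecot" group name are taken from the thread; the function names, the unreadable_conf helper for the /etc/dovecot/conf.d point, and the sample arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the bug thread or from Dovecot). Decide whether
# the invoking user can connect to a root-owned Dovecot unix socket such as
# /var/run/dovecot/stats-writer. connect(2) on an AF_UNIX socket needs
# write permission on the socket file, so the answer depends on which write
# bit lets the caller in:
#   world - the "other" write bit is set (the 0666 workaround from the list)
#   group - only the group write bit is set and the user is in that group
#           (the root:dovecot 0660 default plus membership in "dovecot")
#   none  - neither applies (e.g. the 2.3.1 default root:root 0600)
# Ownership by the caller is not considered: the socket belongs to root.

# socket_access MODE SOCKET_GROUP "USER_GROUPS"
#   MODE is the octal mode as printed by stat ("660" or "0660"). The digits
#   are cut out of the string so the shell never parses it as a number.
socket_access() {
    mode=$1
    sgroup=$2
    ugroups=$3

    other=${mode#"${mode%?}"}          # last octal digit: "other" bits
    rest=${mode%?}
    grp=${rest#"${rest%?}"}            # second-to-last digit: "group" bits

    if [ $(( other & 2 )) -ne 0 ]; then
        echo world
        return 0
    fi
    if [ $(( grp & 2 )) -ne 0 ]; then
        for g in $ugroups; do         # unquoted on purpose: split on spaces
            if [ "$g" = "$sgroup" ]; then
                echo group
                return 0
            fi
        done
    fi
    echo none
}

# socket_access_path PATH
#   Reads mode and owning group from the file system and the caller's group
#   list from id(1). GNU stat is tried first, BSD stat as a fallback.
socket_access_path() {
    p=$1
    set -- $(stat -c '%a %G' "$p" 2>/dev/null || stat -f '%Lp %Sg' "$p")
    socket_access "$1" "$2" "$(id -Gn)"
}

# unreadable_conf DIR
#   doveadm also needs to read every file under /etc/dovecot/conf.d; print
#   the ones the caller cannot read (prints nothing when all are readable).
unreadable_conf() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        [ -r "$f" ] || echo "$f"
    done
}

# Usage on the mail server (hypothetical invocation, paths from the thread):
#   socket_access_path /var/run/dovecot/stats-writer
#   unreadable_conf /etc/dovecot/conf.d
```

Run as the account that is meant to invoke doveadm, not as root: root passes every check regardless of the bits, which is exactly the situation the thread is trying to avoid relying on. A result of "world" means any local process can feed the stats writer; "group" means only members of the socket's group can, which is the finer-grained control the upstream commit message describes.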