On 11:29 Mon 26 Nov , Marcus Frings wrote:
> Hi Apollon,
>
> On Sun, 25 Nov 2018 20:22:11 +0200, Apollon Oikonomopoulos
> <apoi...@debian.org> wrote:
>
> > The issue described in the upstream mailing list is a bit different,
> > as it applies to dovecot 2.3.1. Dovecot 2.3.1 by default set the
> > stats-writer permissions to root:root, 0600. In 2.3.2 this was
> > relaxed to root:dovecot, 0660, which means that if you add your plain
> > user to the dovecot group, doveadm should work fine. Can you try this
> > out? If it works, I'll add a note in README.Debian about running
> > doveadm as non-root.
>
> I reverted my manual change of permissions
> for /var/run/dovecot/stats-writer from 666 (suggested at the dovecot
> mailing list) to 660 (Debian's current default) and added my
> user to the dovecot group: I can confirm that running doveadm as normal
> user now allows the nightly maintenance work (such as expunging mails).
> Hence, it seems to work fine.
>
> But do you think that this is the way to go (to add ordinary users to
> the dovecot group)?
It all comes down to the following question: do we trust everyone on the
system to submit dovecot stats or not? For some people it might be okay
to just change permissions to 0666. OTOH, upstream seems to be more
conservative about this.
Regarding the dovecot group, upstream notes the following:
commit 5cf6951e37bd37bb11b3335a3dbd029065143454
Author: Timo Sirainen <timo.sirai...@dovecot.fi>
Date: Wed Feb 7 13:03:23 2018 +0200
master: Add default_internal_group setting, defaulting to "dovecot"
It's expected that this is the primary group of the default_internal_user.
This group will be used to provide access to sockets that are generally
required by all Dovecot processes, but aren't safe enough to be allowed
completely open access from untrusted processes.
So, it looks like the intention is precisely to allow more fine-grained
access control for certain sockets.
Finally, bear in mind that doveadm is an administrative tool and not
meant to be run by "regular" users. For instance, it will fail if the
user invoking it does not have read permissions on all files under
/etc/dovecot/conf.d.
Regards,
Apollon
