Re: [Dovecot] [Bug] doveadm pw Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
I'm writing some code for Posty, a Postfix and Dovecot Administration App. One way to support all of dovecot's password hashes is to have dovecot pw do the work, however I don't want to run the web facing Posty as root or the same user as Dovecot.

Is the output of dovecot pw affected by the contents of the configuration files? What in the configuration file does dovecot pw require to operate?

I personally care about SHA512-crypt support, so I just called an outside library to generate the hash. However, others might want to use a different scheme, or Dovecot might not have support for SHA512-crypt on other systems (I think Mac OS X is an example). Hence the elegance of using dovecot pw to do all the work. If a normal user can call dovecot pw, then I'll add back in that code.

On Sat, Mar 29, 2014 at 3:06 PM, Reindl Harald h.rei...@thelounge.net wrote:

> On 29.03.2014 at 22:51, Dwain Blazej wrote:
>> dovecot --version = 2.1.7
>>
>> When I run as a normal user the command:
>>
>>     doveadm pw -s sha512-crypt -p example_password
>>
>> the command exits with return code 89 and the message
>>
>>     doveconf: Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
>>
>> If I make Dovecot's configuration files world readable the error goes away
>
> what about calling administrative commands not as normal user?
>
>> Please remove configuration file dependencies from doveadm pw
>
> and how is it supposed to work without the configuration? how do you come to the conclusion that a command called doveadm is supposed to be started as non-admin?
Re: [Dovecot] [Bug] doveadm pw Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
On 04/01/2014 08:56 AM, Dwain Blazej wrote:

> I'm writing some code for Posty, a Postfix and Dovecot Administration App. One way to support all of dovecot's password hashes is to have dovecot pw do the work, however I don't want to run the web facing Posty as root or the same user as Dovecot.
>
> Is the output of dovecot pw affected by the contents of the configuration files? What in the configuration file does dovecot pw require to operate?
>
> I personally care about SHA512-crypt support, so I just called an outside library to generate the hash. However, others might want to use a different scheme, or Dovecot might not have support for SHA512-crypt on other systems (I think Mac OS X is an example). Hence the elegance of using dovecot pw to do all the work. If a normal user can call dovecot pw, then I'll add back in that code.

Well, if you're using an external library for one scheme, you may just as well use your own code for other schemes. For example:

    require 'digest'
    require 'base64'

    # secret is the plaintext password, salt a random byte string
    hash = '{SSHA512.b64}' + Base64.strict_encode64(
      Digest::SHA512.digest("#{secret}#{salt}") + salt
    )

IMO there's no need to call an external program for this.
Re: [Dovecot] [Bug] doveadm pw Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
On 29.03.2014 at 22:51, Dwain Blazej wrote:

> dovecot --version = 2.1.7
>
> When I run as a normal user the command:
>
>     doveadm pw -s sha512-crypt -p example_password
>
> the command exits with return code 89 and the message
>
>     doveconf: Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
>
> If I make Dovecot's configuration files world readable the error goes away

what about calling administrative commands not as normal user?

> Please remove configuration file dependencies from doveadm pw

and how is it supposed to work without the configuration? how do you come to the conclusion that a command called doveadm is supposed to be started as non-admin?
Re: [Dovecot] [Bug] doveadm pw Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
On 03/29/2014 06:06 PM, Reindl Harald wrote:

> On 29.03.2014 at 22:51, Dwain Blazej wrote:
>> dovecot --version = 2.1.7
>>
>> When I run as a normal user the command:
>>
>>     doveadm pw -s sha512-crypt -p example_password
>>
>> the command exits with return code 89 and the message
>>
>>     doveconf: Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
>>
>> If I make Dovecot's configuration files world readable the error goes away
>
> what about calling administrative commands not as normal user?
>
>> Please remove configuration file dependencies from doveadm pw
>
> and how is it supposed to work without the configuration? how do you come to the conclusion that a command called doveadm is supposed to be started as non-admin?

Not directly related (and I don't disagree), but this brings to my attention that doveadm seems to be missing a -c option to load an alternative config file.

As for creating a password hash, just do it with a Perl one-liner or something like that; see for example Crypt::Passwd::XS or Crypt::Password.