Unprivileged users can't use doveadm anymore in 2.3.16
dovecot at ptld.com
Thu Sep 16 19:50:54 EEST 2021
What happened in 2.3.16 to doveadm? You can no longer use the command as
an unprivileged user like you could in 2.3.8.
Roundcube uses "doveadm pw" to change users' passwords and runs as user
apache. This works in 2.3.8 but in 2.3.16 you get an error:
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
line 19: ssl_key: Can't open file
/etc/letsencrypt/live/example_cert/privkey.pem: Permission denied
I tried "doveadm quota get ..." from the console as user apache and got
the same error. I then tried running just "doveadm" and got the error,
it wouldn't even display the help output. So it appears to not be
directly related to using the "pw" feature.
Just to troubleshoot, I gave full read permission to privkey.pem just to
see if doveadm would work. Doveadm still would not run for user apache
but gave a different error:
doveconf: Error: ssl enabled, but ssl_dh not set
doveconf: Fatal: Invalid configuration
Was this requirement to read the privkey.pem always there or just added
in 2.3.16? Is this a deeper issue considering the ssl_dh error? Is there
a way to fix this? Is it by design that unprivileged users can no longer
use doveadm?