Why does doveadm always run doveconf?

Bert Van de Poel bert at bhack.net
Wed Jan 18 22:01:02 UTC 2023


Dear fellow Dovecot users,

I've recently been aiding in the fixing up of the old dovecot_stats_ 
munin plugin. Currently, it still parses the output of doveadm oldstats, 
as it is quite an old script. Regardless of any feelings we may all have 
about oldstats, I was quite surprised to find that doveadm requires 
quite broad privileges (in my case root privileges) to function 
properly. It seems that any call to doveadm, even for "doveadm oldstats 
dump domain" runs doveconf and will attempt to fully parse my 
configuration including trying to read SSL/TLS certificates. Due to this 
choice, the fact the FIFO of oldstats can be given low privileges, 
doveadm still has to be invoked with high privileges or it will fail at 
the stage of verifying configuration.

Now I'm wondering why it's the case that a command such as "doveadm 
oldstats dump domain" is invoking doveconf and therefore has these kinds 
of limitations. While for basically all non-stats functions of doveadm, 
running as root (or similar) makes a lot of sense, I'd argue it doesn't 
for oldstats (and maybe also the new stats?), which simply talk to a 
socket. Is there a certain reasoning behind this, or is this accidental 
behaviour because of the standard operations doveadm always performs? 
Any elaboration would be more than welcome!

Kind regards,
Bert


More information about the dovecot mailing list