Further investigation shows that `doveconf` called `/usr/lib/dovecot/managesieve` which in return calls `doveconf` again, but with another uid (possible? I'm not sure) and a few extra arguments, which causes a call to `glob` in `src/config/config-parser.c:settings_include` to fail with `GLOB_NOMATCH`.

I'd be appreciate if anyone can provide information on suspicious permission-relating operation that `managesieve` does before calling `doveconf`.

 I just can't find a way to post reply on previous mails, so I decided to post a new one. The original text follows.

On 2019/6/6 3:15, Ben Ma wrote:

I'm on dovecot 2.3.3 (dcead646b). Output of `dovecot -n`:

# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.3 (f018bbab) doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 98: No matches doveconf: Error: managesieve-login: dump-capability process returned 89 doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 98: No matches

While line 98 of dovecot.conf is just "!include conf.d/*.conf".

Output of `doveconf -n`:

# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.3 (f018bbab) doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 98: No matches doveconf: Error: managesieve-login: dump-capability process returned 89 # OS: Linux 4.12.14-lp151.28.4-default x86_64 # Hostname: XXX doveconf: Error: t_readlink(/var/run/dovecot/dovecot.conf) failed: readlink() failed: No such file or directory namespace inbox { ............. (Removed for simplicity) } ssl = required ssl_cert = </etc/postfix/ssl/certs/phys.cer ssl_options = no_compression ssl_prefer_server_ciphers = yes userdb {   driver = passwd }

It's strange that all the extra content (especially ssl conf) only occurs in conf.d/10-ssl.conf.

To dig on what's happening underneath I ran `strace doveconf -n 2>&1 |egrep "\.conf|conf\.d"` and got:

write(1, "# 2.3.3 (dcead646b): /etc/doveco"..., 47# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf openat(AT_FDCWD, "/etc/dovecot/dovecot.conf", O_RDONLY) = 7 wait4(-1, doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 98: No matches open("/etc/dovecot/conf.d", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/dovecot/conf.d/90-sieve.conf", O_RDONLY) = 8 ............. (Removed for simplicity) openat(AT_FDCWD, "/etc/dovecot/conf.d/10-ssl.conf", O_RDONLY) = 20 openat(AT_FDCWD, "/etc/dovecot/conf.d/10-auth.conf", O_RDONLY) = 25 stat("/etc/dovecot/conf.d/auth-system.conf.ext", {st_mode=S_IFREG|0644, st_size=2182, ...}) = 0 openat(AT_FDCWD, "/etc/dovecot/conf.d/auth-system.conf.ext", O_RDONLY) = 26 stat("/etc/dovecot/local.conf", 0x7ffd94664760) = -1 ENOENT (No such file or directory) stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=709, ...}) = 0 open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = 7 read(7, "#\n# /etc/host.conf - resolver co"..., 4096) = 370 open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 7 read(7, "### /etc/resolv.conf is a symlin"..., 4096) = 709 readlink("/var/run/dovecot/dovecot.conf", 0x5555db302598, 128) = -1 ENOENT (No such file or directory) write(2, "doveconf: Error: t_readlink(/var"..., 112doveconf: Error: t_readlink(/var/run/dovecot/dovecot.conf) failed: readlink() failed: No such file or directory

It seems that files in conf.d is never read before doveconf's complaint! I have totally no idea why this happens. Any help?