Dear fellow Dovecot users,
I've recently been aiding in the fixing up of the old dovecot_stats_ munin plugin. Currently, it still parses the output of doveadm oldstats, as it is quite an old script. Regardless of any feelings we may all have about oldstats, I was quite surprised to find that doveadm requires quite broad privileges (in my case root privileges) to function properly. It seems that any call to doveadm, even for "doveadm oldstats dump domain" runs doveconf and will attempt to fully parse my configuration including trying to read SSL/TLS certificates. Due to this choice, the fact the FIFO of oldstats can be given low privileges, doveadm still has to be invoked with high privileges or it will fail at the stage of verifying configuration.
Now I'm wondering why it's the case that a command such as "doveadm oldstats dump domain" is invoking doveconf and therefore has these kinds of limitations. While for basically all non-stats functions of doveadm, running as root (or similar) makes a lot of sense, I'd argue it doesn't for oldstats (and maybe also the new stats?), which simply talk to a socket. Is there a certain reasoning behind this, or is this accidental behaviour because of the standard operations doveadm always performs? Any elaboration would be more than welcome!
Kind regards, Bert