Using dovecot-2.1.15 if I run indexer-worker as a non-root user it fails with an error:
    Feb 11 13:06:47 indexer-worker: Error: user foobar: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied
This is what I added to 10-master.conf:
    service indexer-worker {
      user = _dovecot
    }
The wiki says it should work:
    http://wiki2.dovecot.org/Services
    indexer-worker
    [...]
    • user=root, but the privileges are (temporarily) dropped to the mail user's privileges after userdb lookup. If only a single UID is used, user can be set to the mail UID for higher security, because the process can't gain root privileges anymore.
And the code says it should work:
Of course the config socket is locked down as it should be:
    srw------- 1 root daemon 0 Feb 11 13:06 /var/run/dovecot/config
Here's where the error comes from:
    2 libdovecot.0.dylib 0x00000001019612a0 master_service_settings_read + 2168
    3 libdovecot.0.dylib 0x000000010196193e master_service_settings_cache_read + 294
    4 libdovecot-storage.0.dylib 0x000000010185d9ad mail_storage_service_read_settings + 510
    5 libdovecot-storage.0.dylib 0x000000010185da5d mail_storage_service_lookup + 96
    6 libdovecot-storage.0.dylib 0x000000010185f06a mail_storage_service_lookup_next + 42
    7 indexer-worker 0x00000001018101a1 master_connection_input + 335
    8 libdovecot.0.dylib 0x0000000101972455 io_loop_call_io + 46
    9 libdovecot.0.dylib 0x000000010197343e io_loop_handler_run + 214
    10 libdovecot.0.dylib 0x0000000101972600 io_loop_run + 77
    11 libdovecot.0.dylib 0x00000001019601ef master_service_run + 24
    12 indexer-worker 0x000000010180ff17 main + 490
    13 libdyld.dylib 0x00007fff89d2f7b5 start + 1
Is this a bug or am I configuring it incorrectly? Thanks.