I'm writing some code for Posty, a Postfix and Dovecot Administration App. One way to support all of dovecot's password hashes is to have "dovecot pw" do the work, however I don't want to run the web facing Posty as root or the same user as Dovecot.
Is the output of "dovecot pw" is effected by the contents of the configuration files? What in the configuration file does "dovecot pw" require to operate?
I personally care about SHA512-crypt support, so I just called an outside library to generate the hash. However, others might want to use a different scheme, or Dovecot might not have support for SHA512-crypt on other systems (I think Mac OS X is an example). Hence the elegance of using dovecot pw to do all the work. If a normal user can call dovecot pw, then I'll add back in that code.
On Sat, Mar 29, 2014 at 3:06 PM, Reindl Harald <h.reindl@thelounge.net>wrote:
Am 29.03.2014 22:51, schrieb Dwain Blazej:
dovecot --version => 2.1.7
When I as a normal user the command:
doveadm pw -s sha512-crypt -p example_password
the command exit with return code 89 and the message
doveconf: Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
If I make Dovecot's configuration files world readable the error goes away
what about calling administrative commands not as normal user?
Please remove configuration file dependencies from "doveadm pw"
and how is it supposed to work without the configuration?
how do you come to the conclusion that a command called "doveadm" is supposed to be started as non-admin?