[Dovecot] [Bug] doveadm pw Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
dovecot --version => 2.1.7
When I run, as a normal user, the command:
doveadm pw -s sha512-crypt -p example_password
the command exits with return code 89 and the message
doveconf: Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
If I make Dovecot's configuration files world readable the error goes away. Please remove configuration file dependencies from "doveadm pw".
On 29.03.2014 22:51, Dwain Blazej wrote:
> dovecot --version => 2.1.7
> When I run, as a normal user, the command:
> doveadm pw -s sha512-crypt -p example_password
> the command exits with return code 89 and the message
> doveconf: Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
> If I make Dovecot's configuration files world readable the error goes away
what about calling administrative commands not as normal user?
> Please remove configuration file dependencies from "doveadm pw"
and how is it supposed to work without the configuration?
how do you come to the conclusion that a command called "doveadm" is supposed to be started as non-admin?
On 03/29/2014 06:06 PM, Reindl Harald wrote:
> On 29.03.2014 22:51, Dwain Blazej wrote:
>> dovecot --version => 2.1.7
>> When I run, as a normal user, the command:
>> doveadm pw -s sha512-crypt -p example_password
>> the command exits with return code 89 and the message
>> doveconf: Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
>> If I make Dovecot's configuration files world readable the error goes away
> what about calling administrative commands not as normal user?
>> Please remove configuration file dependencies from "doveadm pw"
> and how is it supposed to work without the configuration?
> how do you come to the conclusion that a command called "doveadm" is supposed to be started as non-admin?
Not directly related (and I don't disagree), but this brings to my attention that doveadm seems to be missing a -c option to load an alternative config file.
As for creating a password hash, just do it with a perl one-liner or something like that, see for example Crypt::Passwd::XS or Crypt::Password
I'm writing some code for Posty, a Postfix and Dovecot Administration App. One way to support all of dovecot's password hashes is to have "dovecot pw" do the work, however I don't want to run the web facing Posty as root or the same user as Dovecot.
Is the output of "dovecot pw" affected by the contents of the configuration files? What in the configuration file does "dovecot pw" require to operate?
I personally care about SHA512-crypt support, so I just called an outside library to generate the hash. However, others might want to use a different scheme, or Dovecot might not have support for SHA512-crypt on other systems (I think Mac OS X is an example). Hence the elegance of using dovecot pw to do all the work. If a normal user can call dovecot pw, then I'll add back in that code.
On Sat, Mar 29, 2014 at 3:06 PM, Reindl Harald <h.reindl@thelounge.net> wrote:
> On 29.03.2014 22:51, Dwain Blazej wrote:
>> dovecot --version => 2.1.7
>> When I run, as a normal user, the command:
>> doveadm pw -s sha512-crypt -p example_password
>> the command exits with return code 89 and the message
>> doveconf: Fatal: open(/etc/dovecot/dovecot.conf) failed: Permission denied
>> If I make Dovecot's configuration files world readable the error goes away
> what about calling administrative commands not as normal user?
>> Please remove configuration file dependencies from "doveadm pw"
> and how is it supposed to work without the configuration?
> how do you come to the conclusion that a command called "doveadm" is supposed to be started as non-admin?
On 04/01/2014 08:56 AM, Dwain Blazej wrote:
> I'm writing some code for Posty, a Postfix and Dovecot Administration App. One way to support all of dovecot's password hashes is to have "dovecot pw" do the work, however I don't want to run the web facing Posty as root or the same user as Dovecot.
> Is the output of "dovecot pw" affected by the contents of the configuration files? What in the configuration file does "dovecot pw" require to operate?
> I personally care about SHA512-crypt support, so I just called an outside library to generate the hash. However, others might want to use a different scheme, or Dovecot might not have support for SHA512-crypt on other systems (I think Mac OS X is an example). Hence the elegance of using dovecot pw to do all the work. If a normal user can call dovecot pw, then I'll add back in that code.
Well if you're using an external library for one scheme, you may just as well use your own code for other schemes. For example:
require 'digest'
require 'base64'
# secret is the plaintext password, salt is a string of random bytes
hash = '{SSHA512.b64}' + Base64.strict_encode64( Digest::SHA512.digest("#{secret}#{salt}") + salt )
IMO there's no need to call an external program for this.
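An added example, not part of the original post: it extends the snippet above with random salt generation, binary-safe concatenation, and verification of a password against a stored `{SSHA512.b64}` value. The function names, the constants and the 8-byte salt length are assumptions of this example.

```ruby
require 'digest'
require 'base64'
require 'securerandom'

PREFIX = '{SSHA512.b64}'
DIGEST_LEN = 64 # SHA-512 output size in bytes

# base64(SHA512(secret + salt) + salt), the layout used in the snippet above.
# The 8-byte random salt length is an assumption of this example.
def ssha512_hash(secret, salt = SecureRandom.random_bytes(8))
  # .b yields binary copies, so a non-ASCII password and random salt bytes
  # concatenate without raising Encoding::CompatibilityError.
  digest = Digest::SHA512.digest(secret.b + salt.b)
  PREFIX + Base64.strict_encode64(digest + salt.b)
end

# Compare two byte strings without returning early on the first mismatch.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Check a candidate password against a stored "{SSHA512.b64}..." value.
def ssha512_verify(secret, stored)
  return false unless stored.start_with?(PREFIX)
  raw = Base64.strict_decode64(stored[PREFIX.length..-1])
  return false if raw.bytesize <= DIGEST_LEN # digest only, no salt
  expected = raw.byteslice(0, DIGEST_LEN)
  salt = raw.byteslice(DIGEST_LEN, raw.bytesize - DIGEST_LEN)
  secure_equal?(expected, Digest::SHA512.digest(secret.b + salt))
rescue ArgumentError
  false # payload is not valid base64
end

if __FILE__ == $PROGRAM_NAME
  stored = ssha512_hash('example_password') # constructed sample input
  puts stored
  puts ssha512_verify('example_password', stored) # true
  puts ssha512_verify('wrong_password', stored)   # false
end
```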
participants (4)
- Dwain Blazej
- Gedalya
- Jiří Bourek
- Reindl Harald