Unprivileged users can't use doveadm anymore in 2.3.16
What happened in 2.3.16 to doveadm? You can no longer use the command as an unprivileged user like you could in 2.3.8.
Roundcube uses "doveadm pw" to change users' passwords and runs as user apache. This works in 2.3.8 but in 2.3.16 you get an error:
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 19: ssl_key: Can't open file /etc/letsencrypt/live/example_cert/privkey.pem: Permission denied
I tried "doveadm quota get ..." from the console as user apache and got the same error. I then tried running just "doveadm" and got the error; it wouldn't even display the help output. So it appears to not be directly related to using the "pw" feature.
Just to troubleshoot, I gave full read permission to privkey.pem just to see if doveadm would work. Doveadm still would not run for user apache but gave a different error:
doveconf: Error: ssl enabled, but ssl_dh not set
doveconf: Fatal: Invalid configuration
Was this requirement to read the privkey.pem always there or just added in 2.3.16? Is this a deeper issue considering the ssl_dh error? Is there a way to fix this? Is it by design that unprivileged users can no longer use doveadm?
16.09.21, 18:50 +0200, dovecot@ptld.com:
What happened in 2.3.16 to doveadm? You can no longer use the command as an unprivileged user like you could in 2.3.8.
Roundcube uses "doveadm pw" to change users' passwords and runs as user apache. This works in 2.3.8 but in 2.3.16 you get an error:
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 19: ssl_key: Can't open file /etc/letsencrypt/live/example_cert/privkey.pem: Permission denied
https://dovecot.org/pipermail/dovecot/2020-August/119646.html
-- Regards mks
On 16/09/2021 20:08 Markus Schönhaber <dovecot@list-post.mks-mail.de> wrote:
16.09.21, 18:50 +0200, dovecot@ptld.com:
What happened in 2.3.16 to doveadm? You can no longer use the command as an unprivileged user like you could in 2.3.8.
Roundcube uses "doveadm pw" to change users' passwords and runs as user apache. This works in 2.3.8 but in 2.3.16 you get an error:
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 19: ssl_key: Can't open file /etc/letsencrypt/live/example_cert/privkey.pem: Permission denied
https://dovecot.org/pipermail/dovecot/2020-August/119646.html
-- Regards mks
This is fixed with
https://github.com/dovecot/core/compare/79a210c1f7e94a1863f17db0b9f14b6d3c89...
and will be in 2.3.17
Aki
participants (3): Aki Tuomi, dovecot@ptld.com, Markus Schönhaber