Purpose of stats-writer and why doveadm try to open it to dump stats ?
timo at sirainen.com
Mon Jul 15 01:16:42 EEST 2019
On 14 Jul 2019, at 10.10, Jean-Daniel via dovecot <dovecot at dovecot.org> wrote:
> I want to monitor dovecot stats, and so I have an exporter process that run with limited rights.
> The monitoring user has only access to /var/run/dovecot/stats-reader and it works fine.
> Doveadm stats dump returns the list of all stats as expected.
> But each time I run doveadm stats dump, it logs the following error:
> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
> So what is the purpose of the stats-writer socket, and why doveadm try to open it to simply dump stats ?
> Is it really something it needs and I should update my user permissions or is it a doveadm bug ?
All Dovecot processes nowadays connect to the stats-writer process early on before they drop privileges, unless it's explicitly disabled in the code. In doveadm case I suppose most commands would want to connect to stats-writer, but we could have a per-command flag to specify that the command doesn't want stats. I'll add this to our internal Jira.
More information about the dovecot