Doveadm error since 2.3.11.3 when run as unprivileged user
Arjen de Korte
build+dovecot at de-korte.org
Thu Aug 13 22:16:42 EEST 2020
Quoting Timo Sirainen <timo at sirainen.com>:
> On 13. Aug 2020, at 11.29, Timo Sirainen <timo at sirainen.com> wrote:
>>
>> On 13. Aug 2020, at 11.00, Arjen de Korte
>> <build+dovecot at de-korte.org> wrote:
>>>
>>> I allow users to run 'doveadm' for mailbox maintenance (to expunge
>>> mail for instance). Since the upgrade to 2.3.11.3, this no longer
>>> works and results in the following error message:
>>>
>>> doveconf: Fatal: Error in configuration file
>>> /etc/dovecot/conf.d/10-ssl.conf line 13: ssl_key: Can't open file
>>> /etc/ssl/private/de-korte.org.key: Permission denied
>>>
>>> This is no surprise, as non-privileged users are not allowed to
>>> read the private keys of the server. Question is, why is doveadm
>>> trying to read this key in the first place (it is not needed for
>>> mailbox maintenance) and why is it failing now?
>>
>> There were some ssl setting handling cleanups in v2.3.11, which
>> caused this. I guess the proper fix for this would be to split SSL
>> client settings and SSL server settings. So doveadm would still
>> read the SSL client settings without trying to read the SSL server
>> settings and failing there.
>
> As a workaround, it should be possible to put the ssl_key into a
> separate config file and use !include_try for it. For example in
> dovecot.conf:
>
> !include_try ssl-keys.conf

That will only work to include an optional configuration file and
suppress errors if it doesn't exist. I put

ssl_key = </etc/ssl/private/de-korte.org.key

in a separate configuration file and it failed in a similar fashion,
just with another filename.