Doveadm error since 2.3.11.3 when run as unprivileged user

Arjen de Korte build+dovecot at de-korte.org
Thu Aug 13 22:16:42 EEST 2020


Quoting Timo Sirainen <timo at sirainen.com>:

> On 13. Aug 2020, at 11.29, Timo Sirainen <timo at sirainen.com> wrote:
>>
>> On 13. Aug 2020, at 11.00, Arjen de Korte  
>> <build+dovecot at de-korte.org> wrote:
>>>
>>> I allow users to run 'doveadm' for mailbox maintenance (to expunge  
>>> mail for instance). Since the upgrade to 2.3.11.3, this no longer  
>>> works and results in the following error message:
>>>
>>> doveconf: Fatal: Error in configuration file  
>>> /etc/dovecot/conf.d/10-ssl.conf line 13: ssl_key: Can't open file  
>>> /etc/ssl/private/de-korte.org.key: Permission denied
>>>
>>> This is no surprise, as non-privileged users are not allowed to  
>>> read the private keys of the server. Question is, why is doveadm  
>>> trying to read this key in the first place (it is not needed for  
>>> mailbox maintenance) and why is it failing now?
>>
>> There were some ssl setting handling cleanups in v2.3.11, which  
>> caused this. I guess the proper fix for this would be to split SSL  
>> client settings and SSL server settings. So doveadm would still  
>> read the SSL client settings without trying to read the SSL server  
>> settings and failing there.
>
> As a workaround, it should be possible to put the ssl_key into a  
> separate config file and use !include_try for it. For example in  
> dovecot.conf:
>
> !include_try ssl-keys.conf

That will only work to include an optional configuration file and  
suppress errors if it doesn't exist. I put

ssl_key = </etc/ssl/private/de-korte.org.key

in a separate configuration file and it failed in a similar fashion,  
just with another filename.
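
A way to see which file-valued settings an unprivileged user cannot open, as an added example that is not part of the original message or of Dovecot itself. The names `check_file_refs` and `demo` and the sample files are constructed for illustration, and only the `setting = </path` form quoted above, with absolute paths, is handled.

```shell
#!/bin/sh
# Added example (not from the thread): report "setting = </path" references
# that the invoking user cannot read, i.e. values a config parser would fail
# to open. Run it as the same unprivileged user that runs doveadm.
# Assumption: referenced paths are absolute, as in the message above.

check_file_refs() {
    rc=0
    tab=$(printf '\t')
    for conf in "$@"; do
        if [ ! -r "$conf" ]; then
            echo "$conf: cannot read config file"
            rc=1
            continue
        fi
        # Emit "lineno<TAB>setting<TAB>path" for each uncommented "name = </path".
        refs=$(awk '
            /^[ \t]*#/ { next }
            match($0, /^[ \t]*[A-Za-z0-9_]+[ \t]*=[ \t]*</) {
                name = $0
                sub(/^[ \t]*/, "", name)
                sub(/[ \t]*=.*/, "", name)
                path = substr($0, RLENGTH + 1)
                sub(/[ \t]+$/, "", path)
                printf "%d\t%s\t%s\n", NR, name, path
            }' "$conf")
        while IFS=$tab read -r lineno name path; do
            [ -n "$path" ] || continue
            [ -r "$path" ] || { echo "$conf:$lineno: $name: cannot read $path"; rc=1; }
        done <<EOF
$refs
EOF
    done
    return $rc
}

# Constructed sample: one readable reference, one that cannot be opened.
demo() {
    d=$(mktemp -d)
    echo "placeholder" > "$d/cert.pem"
    printf 'ssl = required\nssl_cert = <%s/cert.pem\nssl_key = <%s/private.key\n' \
        "$d" "$d" > "$d/10-ssl.conf"
    check_file_refs "$d/10-ssl.conf"
    rm -rf "$d"
}
demo || true
```

The function returns non-zero when any reference is unreadable, so it can be called on every file under a configuration directory to list the settings that would stop a non-root user.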
