Dovecot 2.3 - using doveadm as non-root?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Dovecot 2.3 - using doveadm as non-root?

Rob Hoelz
Hi dovecot developers and users,

I recently upgraded my server running Arch Linux to dovecot 2.3.0, and I
noticed some of my cron jobs started issuing me error messages.  These
cron jobs run as a non-root user associated with my mail account, and
they use doveadm to tidy things up (ex. purging the trash, moving
old mail in certain folders into the trash).  The error message is:

> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
> Permission denied

I assume this is doveadm trying to participate in the new 2.3 stats
process, and after reading the code a bit, I can't see way to tell
doveadm to not connect to the stats writer.  The socket is owned by
root with 600 permissions.

What would be the right way to remedy this?  AFAICT, I could potentially
run doveadm as root (which I would prefer to avoid), or I could change
the permissions on the stats writer socket, but I would hate to
introduce any sort of security vulnerability by doing so.  I currently
have a scrappy Perl script that just runs doveadm and filters out the
error message (it doesn't seem to affect the behavior of doveadm other
than the message), but that feels dirty and I would prefer a cleaner
solution.  Any advice?

Thanks,
Rob
Reply | Threaded
Open this post in threaded view
|

Re: Dovecot 2.3 - using doveadm as non-root?

Timo Sirainen
On 3 Jan 2018, at 11.38, Rob Hoelz <[hidden email]> wrote:

>
> Hi dovecot developers and users,
>
> I recently upgraded my server running Arch Linux to dovecot 2.3.0, and I
> noticed some of my cron jobs started issuing me error messages.  These
> cron jobs run as a non-root user associated with my mail account, and
> they use doveadm to tidy things up (ex. purging the trash, moving
> old mail in certain folders into the trash).  The error message is:
>
>> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
>> Permission denied
>
> I assume this is doveadm trying to participate in the new 2.3 stats
> process, and after reading the code a bit, I can't see way to tell
> doveadm to not connect to the stats writer.  The socket is owned by
> root with 600 permissions.
>
> What would be the right way to remedy this?  AFAICT, I could potentially
> run doveadm as root (which I would prefer to avoid), or I could change
> the permissions on the stats writer socket, but I would hate to
> introduce any sort of security vulnerability by doing so.  I currently
> have a scrappy Perl script that just runs doveadm and filters out the
> error message (it doesn't seem to affect the behavior of doveadm other
> than the message), but that feels dirty and I would prefer a cleaner
> solution.  Any advice?

I was wondering what to do about this while developing it. I think you can disable this by clearing out the socket path:

doveadm -o stats_writer_socket_path=

But .. I think the changing the socket permissions is the better solution. The new stats process should know about everything that is going on in the system, and these doveadm calls are part of that. So if they're excluded then the stats aren't exactly correct. The stats-writer can't do all that much harm other than messing up the statistics or probably crashing stats process by using up all of its memory.

Reply | Threaded
Open this post in threaded view
|

Re: Dovecot 2.3 - using doveadm as non-root?

Rob Hoelz-2
On Wed, 3 Jan 2018 13:37:07 -0500
Timo Sirainen <[hidden email]> wrote:

> On 3 Jan 2018, at 11.38, Rob Hoelz <[hidden email]> wrote:
> >
> > Hi dovecot developers and users,
> >
> > I recently upgraded my server running Arch Linux to dovecot 2.3.0,
> > and I noticed some of my cron jobs started issuing me error
> > messages.  These cron jobs run as a non-root user associated with
> > my mail account, and they use doveadm to tidy things up (ex.
> > purging the trash, moving old mail in certain folders into the
> > trash).  The error message is:
> >
> >> Error: net_connect_unix(/var/run/dovecot/stats-writer) failed:
> >> Permission denied
> >
> > I assume this is doveadm trying to participate in the new 2.3 stats
> > process, and after reading the code a bit, I can't see way to tell
> > doveadm to not connect to the stats writer.  The socket is owned by
> > root with 600 permissions.
> >
> > What would be the right way to remedy this?  AFAICT, I could
> > potentially run doveadm as root (which I would prefer to avoid), or
> > I could change the permissions on the stats writer socket, but I
> > would hate to introduce any sort of security vulnerability by doing
> > so.  I currently have a scrappy Perl script that just runs doveadm
> > and filters out the error message (it doesn't seem to affect the
> > behavior of doveadm other than the message), but that feels dirty
> > and I would prefer a cleaner solution.  Any advice?
>
> I was wondering what to do about this while developing it. I think
> you can disable this by clearing out the socket path:
>
> doveadm -o stats_writer_socket_path=
>
> But .. I think the changing the socket permissions is the better
> solution. The new stats process should know about everything that is
> going on in the system, and these doveadm calls are part of that. So
> if they're excluded then the stats aren't exactly correct. The
> stats-writer can't do all that much harm other than messing up the
> statistics or probably crashing stats process by using up all of its
> memory.
>

Thanks for the advice, Timo - I went ahead and applied the permission change to my dovecot config.  On a side note, thanks for dovecot in general - it's a great piece of software!

-Rob