Jean-Daniel
2019-Jul-14 07:10 UTC
Purpose of stats-writer and why doveadm try to open it to dump stats ?
Hello, I want to monitor dovecot stats, and so I have an exporter process that run with limited rights. The monitoring user has only access to /var/run/dovecot/stats-reader and it works fine. Doveadm stats dump returns the list of all stats as expected. But each time I run doveadm stats dump, it logs the following error: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied So what is the purpose of the stats-writer socket, and why doveadm try to open it to simply dump stats ? Is it really something it needs and I should update my user permissions or is it a doveadm bug ?
Timo Sirainen
2019-Jul-14 22:16 UTC
Purpose of stats-writer and why doveadm try to open it to dump stats ?
On 14 Jul 2019, at 10.10, Jean-Daniel via dovecot <dovecot at dovecot.org> wrote:> > Hello, > > I want to monitor dovecot stats, and so I have an exporter process that run with limited rights. > The monitoring user has only access to /var/run/dovecot/stats-reader and it works fine. > Doveadm stats dump returns the list of all stats as expected. > > But each time I run doveadm stats dump, it logs the following error: > > Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied > > So what is the purpose of the stats-writer socket, and why doveadm try to open it to simply dump stats ? > Is it really something it needs and I should update my user permissions or is it a doveadm bug ?All Dovecot processes nowadays connect to the stats-writer process early on before they drop privileges, unless it's explicitly disabled in the code. In doveadm case I suppose most commands would want to connect to stats-writer, but we could have a per-command flag to specify that the command doesn't want stats. I'll add this to our internal Jira.