dovecot - Aug 2017 - /var/run/dovecot permission issues

In /usr/local/etc/dovecot/conf.d/90-plugin.conf:

service stats {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = stats
  extra_groups   fifo_listener stats-mail {
    group     mode = 0666
    user   }
  fifo_listener stats-user {
    group     mode = 0666
    user   }
  group   idle_kill = 4294967295 secs
  privileged_group   process_limit = 1
  process_min_avail = 0
  protocol   service_count = 0
  type   unix_listener stats {
    group     mode = 0666
    user   }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}



-- 
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: larryrtx at gmail.com
US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
 

On 8/17/17, 11:04 AM, "dovecot on behalf of Matt Simpson"
<dovecot-bounces at dovecot.org on behalf of dclist at list.jmatt.net>
wrote:

    
    > On Aug 17, 2017, at 9:19 AM, Matt Simpson <dclist at
list.jmatt.net> wrote:
    > 
    > I have an issue that surfaced when I tried to start using the new
metrics service, but it looks like it may be a more generic issue.
    > 
    
    When I took a closer look at this, it might be a problem with the FreeBSD
packaging of dovecot, and not in dovecot itself.
    
    I?m running FreeBSD 11, and installed dovecot as a package using standard
FreeBSD package utilities.   The install process creates a start/stop script,
and that script is creating the /var/run/dovecot directory at startup and
removing it at shutdown.
    
    The command which creates the directory is
    
    /usr/bin/install -o root -g wheel -m 0755 -d ${base_dir}
    
    which apparently just creates a directory with the specified owner and
group.
    
    At this point, I?m a little confused about the best way to proceed.  Any
other FreeBSD dovecot users here?  Currently, it looks like the startup script
is creating /var/run/dovecot, owned by root.  Then dovecot creates
/var/run/dovecot/stats-mail, also owned by root.  I could possibly alter the
startup script to create /var/run/dovecot owned by dovecot instead of root, but
I don?t think that will change the ownership of stats-mail, which seems to be
created by dovecot running as root, and then attempted to write by dovecot
running as a different user.  Does anybody know what?s going on here?

> On Aug 17, 2017, at 12:07 PM, Larry Rosenman <larryrtx at gmail.com>
wrote:
> 
> In /usr/local/etc/dovecot/conf.d/90-plugin.conf:
Thanks.  Those config statements fixed the problem.

On 8/17/2017 7:07 PM, Larry Rosenman wrote:
> In /usr/local/etc/dovecot/conf.d/90-plugin.conf:
> 
It should be enough to just set permissions as other options are defaults.

/usr/local/etc/dovecot/conf.d/10-master.conf :

service stats {
   fifo_listener stats-mail {
     mode = 0666
   }
   fifo_listener stats-user {
     mode = 0666
   }
   unix_listener stats {
     mode = 0666
   }
}

BTW I'm not sure if write permissions on 'stats-user' and
'stats' listeners are required for metrics service.
At least I have no evidence if Dovecot ever tried to write to that listeners.
Probably it is enough to set write permissions on 'stats-mail'.

I'm glad to read this thread.  I didn't even know that dovecot stats
existed.

Which statistics do you find most useful?

Bill

On 8/17/2017 3:31 PM, Matt Simpson wrote:
>> On Aug 17, 2017, at 12:07 PM, Larry Rosenman <larryrtx at
gmail.com> wrote:
>>
>> In /usr/local/etc/dovecot/conf.d/90-plugin.conf:
> Thanks.  Those config statements fixed the problem.