Dear fellow Dovecot users,
I've recently been aiding in the fixing up of the old dovecot_stats_
munin plugin. Currently, it still parses the output of doveadm oldstats,
as it is quite an old script. Regardless of any feelings we may all have
about oldstats, I was quite surprised to find that doveadm requires
quite broad privileges (in my case root privileges) to function
properly. It seems that any call to doveadm, even for "doveadm oldstats
dump domain" runs doveconf and will attempt to fully parse my
configuration including trying to read SSL/TLS certificates. Due to this
choice, the fact the FIFO of oldstats can be given low privileges,
doveadm still has to be invoked with high privileges or it will fail at
the stage of verifying configuration.
Now I'm wondering why it's the case that a command such as "doveadm
oldstats dump domain" is invoking doveconf and therefore has these kinds
of limitations. While for basically all non-stats functions of doveadm,
running as root (or similar) makes a lot of sense, I'd argue it doesn't
for oldstats (and maybe also the new stats?), which simply talk to a
socket. Is there a certain reasoning behind this, or is this accidental
behaviour because of the standard operations doveadm always performs?
Any elaboration would be more than welcome!
Kind regards,
Bert