On 14 Jul 2019, at 10.10, Jean-Daniel via dovecot <[email protected]> wrote: > > Hello, > > I want to monitor dovecot stats, and so I have an exporter process that run > with limited rights. > The monitoring user has only access to /var/run/dovecot/stats-reader and it > works fine. > Doveadm stats dump returns the list of all stats as expected. > > But each time I run doveadm stats dump, it logs the following error: > > Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission > denied > > So what is the purpose of the stats-writer socket, and why doveadm try to > open it to simply dump stats ? > Is it really something it needs and I should update my user permissions or is > it a doveadm bug ?
All Dovecot processes nowadays connect to the stats-writer process early on before they drop privileges, unless it's explicitly disabled in the code. In doveadm case I suppose most commands would want to connect to stats-writer, but we could have a per-command flag to specify that the command doesn't want stats. I'll add this to our internal Jira.
