Acknowledgement sent
to Marcus Frings <[email protected]>:
New Bug report received and forwarded. Copy sent to Dovecot Maintainers <[email protected]>.
(Sat, 07 Jul 2018 10:57:04 GMT)
Acknowledgement sent
to Apollon Oikonomopoulos <[email protected]>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <[email protected]>.
(Sun, 25 Nov 2018 18:33:05 GMT)
Control: tags -1 + moreinfo
Hi,
On 12:46 Sat 07 Jul , Marcus Frings wrote:
> Package: dovecot-core
> Version: 1:2.3.2-2
> Severity: normal
>
> Since dovecot 2.3 has entered sid, my nightly cron runs of doveadm (as
> user) produce the error message, which is shown in the subject.
>
> This has already been reported upstream:
> https://www.dovecot.org/list/dovecot/2018-January/110549.html
>
> (My situation is the same as described in the original upstream report!)
>
> A solution has also been provided by the developers:
> https://www.dovecot.org/list/dovecot/2018-January/110552.html
>
> Hence, please consider changing the socket permissions (as suggested by
> upstream) in the next package upgrade of dovecot.
Thanks for the report and apologies for the late response.
The issue described in the upstream mailing list is a bit different, as
it applies to dovecot 2.3.1. Dovecot 2.3.1 by default set the
stats-writer permissions to root:root, 0600. In 2.3.2 this was relaxed
to root:dovecot, 0660, which means that if you add your plain user to
the dovecot group, doveadm should work fine. Can you try this out? If it
works, I'll add a note in README.Debian about running doveadm as
non-root.
Thanks,
Apollon
Acknowledgement sent
to Marcus Frings <[email protected]>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <[email protected]>.
(Mon, 26 Nov 2018 10:39:06 GMT)
Hi Apollon,
On Sun, 25 Nov 2018 20:22:11 +0200, Apollon Oikonomopoulos
<[email protected]> wrote:
> The issue described in the upstream mailing list is a bit different,
> as it applies to dovecot 2.3.1. Dovecot 2.3.1 by default set the
> stats-writer permissions to root:root, 0600. In 2.3.2 this was
> relaxed to root:dovecot, 0660, which means that if you add your plain
> user to the dovecot group, doveadm should work fine. Can you try this
> out? If it works, I'll add a note in README.Debian about running
> doveadm as non-root.
I reverted my manual change of permissions
for /var/run/dovecot/stats-writer from 666 (suggested at the dovecot
mailing list) to 660 (Debian's current default) and added my
user to the dovecot group: I can confirm that running doveadm as normal
user now allows the nightly maintenance work (such as expunging mails).
Hence, it seems to work fine.
But do you think that this is the way to go (to add ordinary users to
the dovecot group)?
Best regards,
Marcus
Acknowledgement sent
to Apollon Oikonomopoulos <[email protected]>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <[email protected]>.
(Mon, 26 Nov 2018 11:00:07 GMT)
On 11:29 Mon 26 Nov , Marcus Frings wrote:
> Hi Apollon,
>
> On Sun, 25 Nov 2018 20:22:11 +0200, Apollon Oikonomopoulos
> <[email protected]> wrote:
>
> > The issue described in the upstream mailing list is a bit different,
> > as it applies to dovecot 2.3.1. Dovecot 2.3.1 by default set the
> > stats-writer permissions to root:root, 0600. In 2.3.2 this was
> > relaxed to root:dovecot, 0660, which means that if you add your plain
> > user to the dovecot group, doveadm should work fine. Can you try this
> > out? If it works, I'll add a note in README.Debian about running
> > doveadm as non-root.
>
> I reverted my manual change of permissions
> for /var/run/dovecot/stats-writer from 666 (suggested at the dovecot
> mailing list) to 660 (Debian's current default) and added my
> user to the dovecot group: I can confirm that running doveadm as normal
> user now allows the nightly maintenance work (such as expunging mails).
> Hence, it seems to work fine.
>
> But do you think that this is the way to go (to add ordinary users to
> the dovecot group)?
It all comes down to the following question: do we trust everyone on the
system to submit dovecot stats or not? For some people it might be okay
to just change permissions to 0666. OTOH, upstream seems to be more
conservative about this.
Regarding the dovecot group, upstream notes the following:

    commit 5cf6951e37bd37bb11b3335a3dbd029065143454
    Author: Timo Sirainen <[email protected]>
    Date: Wed Feb 7 13:03:23 2018 +0200

        master: Add default_internal_group setting, defaulting to "dovecot"

        It's expected that this is the primary group of the default_internal_user.
        This group will be used to provide access to sockets that are generally
        required by all Dovecot processes, but aren't safe enough to be allowed
        completely open access from untrusted processes.

So, it looks like the intention is precisely to allow more fine-grained
access control for certain sockets.
Finally, bear in mind that doveadm is an administrative tool and not
meant to be run by "regular" users. For instance, it will fail if the
user invoking it does not have read permissions on all files under
/etc/dovecot/conf.d.
Regards,
Apollon
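
The three permission policies weighed in the message above (2.3.1's root:root 0600, 2.3.2's root:dovecot 0660, and a manual 0666), evaluated for an unprivileged account. This is an added example, not part of the bug thread or of Dovecot; the account name `mailuser`, the function names and the sample rows are constructed, and `audit_socket` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the thread): who can connect to stats-writer?
# connect() on a Unix socket needs write permission on the socket file (Linux),
# so only the write bit of the class that applies to the caller matters.

# classify_access MODE OWNER GROUP USER "USER_GROUPS"
# Prints root|owner|group|world|denied using normal Unix class precedence:
# the owner class wins over group, group wins over other.
classify_access() {
    m=$((0$1)); owner=$2; group=$3; user=$4; ugroups=" $5 "
    if [ "$user" = root ]; then echo root; return 0; fi
    if [ "$user" = "$owner" ]; then
        if [ $((m & 0200)) -ne 0 ]; then echo owner; else echo denied; fi
        return 0
    fi
    case "$ugroups" in
        *" $group "*)
            if [ $((m & 0020)) -ne 0 ]; then echo group; else echo denied; fi
            return 0 ;;
    esac
    if [ $((m & 0002)) -ne 0 ]; then echo world; else echo denied; fi
}

# audit_socket PATH USER: same check against a live socket (GNU stat assumed).
audit_socket() {
    path=$1; user=$2
    [ -e "$path" ] || { echo missing; return 0; }
    set -- $(stat -c '%a %U %G' "$path")
    classify_access "$1" "$2" "$3" "$user" "$(id -Gn "$user")"
}

# Constructed cases: "mailuser" is a hypothetical unprivileged account.
while read -r label mode owner group ugroups; do
    printf '%-28s %s\n' "$label" \
        "$(classify_access "$mode" "$owner" "$group" mailuser "$ugroups")"
done <<'EOF'
2.3.1-default 600 root root mailuser
2.3.2-default 660 root dovecot mailuser
2.3.2-in-dovecot-group 660 root dovecot mailuser dovecot
mode-0666 666 root dovecot mailuser
EOF

# Live check for the current user; prints "missing" when Dovecot is not running.
audit_socket /run/dovecot/stats-writer "$(id -un)"
```

A result of `world` means any local process can submit stats, which is the case the upstream commit message describes as not safe enough for completely open access.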
Acknowledgement sent
to Marcus Frings <[email protected]>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <[email protected]>.
(Mon, 26 Nov 2018 12:45:02 GMT)
Hi Apollon,
On Mon, 26 Nov 2018 12:57:08 +0200, Apollon Oikonomopoulos
<[email protected]> wrote:
> On 11:29 Mon 26 Nov , Marcus Frings wrote:
> > But do you think that this is the way to go (to add ordinary users
> > to the dovecot group)?
>
> It all comes down to the following question: do we trust everyone on
> the system to submit dovecot stats or not? For some people it might
> be okay to just change permissions to 0666. OTOH, upstream seems to
> be more conservative about this.
>
> Regarding the dovecot group, upstream notes the following:
>
> commit 5cf6951e37bd37bb11b3335a3dbd029065143454
> Author: Timo Sirainen <[email protected]>
> Date: Wed Feb 7 13:03:23 2018 +0200
>
> master: Add default_internal_group setting, defaulting to
> "dovecot"
> It's expected that this is the primary group of the
> default_internal_user.
> This group will be used to provide access to sockets that are
> generally required by all Dovecot processes, but aren't safe enough
> to be allowed completely open access from untrusted processes.
>
> So, it looks like the intention is precisely to allow more
> fine-grained access control for certain sockets.
Yes, I agree and see your point. Thanks for the additional information
by providing the upstream commit notes with respect to this issue. So
maybe it's the best solution to add a few lines to README.Debian as you
initially suggested.
Best regards,
Marcus
Acknowledgement sent
to Josh Triplett <[email protected]>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <[email protected]>.
(Thu, 29 Aug 2019 00:45:03 GMT)
I ran into a similar issue here, whenever I ran the "deliver" process as
a user to deliver mail into IMAP folders (invoked from getmail).
"deliver" delivered the mail but then produced the error about writing
statistics, so getmail correctly concluded that the process errored.
I don't want to make statistics-writing available to all users. I don't
actually care about the statistics. So I figured out how to disable
statistics.
I found this commit in the changelog:

    2017-12-22 13:27:48 +0200 Timo Sirainen <[email protected]> (aa572aa74)

        lib-master: Hide connect(stats-writer) errors when running via CLI

        Only hide errors that occur if the stats process isn't running, i.e. when
        socket isn't found or there's no listener. This way e.g. permission errors
        are still logged, which points to a wrong configuration.

So if the stats sockets don't exist at *all*, deliver won't complain.
To disable those stats sockets, add the following configuration to a
file in /etc/dovecot/conf.d/ :

    service stats {
      unix_listener stats-reader {
        mode = 0
      }
      unix_listener stats-writer {
        mode = 0
      }
    }
    service old-stats {
      fifo_listener old-stats-mail {
        mode = 0
      }
      fifo_listener old-stats-user {
        mode = 0
      }
      unix_listener old-stats {
        mode = 0
      }
    }

(Per https://wiki2.dovecot.org/Services , setting mode to 0 disables the
socket entirely.)
Then restart dovecot, and then delete /run/dovecot/stats-* and
/run/dovecot/old-stats-*. You can then run deliver without errors.
Hope that helps.
Acknowledgement sent
to Josh Triplett <[email protected]>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <[email protected]>.
(Thu, 29 Aug 2019 01:03:05 GMT)
On Wed, Aug 28, 2019 at 05:43:27PM -0700, Josh Triplett wrote:
> So if the stats sockets don't exist at *all*, deliver won't complain.
>
> To disable those stats sockets, add the following configuration to a
> file in /etc/dovecot/conf.d/ :
Update: sadly this doesn't fully work, as it produces the following
spurious errors in the logs:
Aug 28 17:54:27 cloud dovecot[3168]: imap-login: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or directory
Aug 28 17:54:27 cloud dovecot[3168]: auth: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or directory
Aug 28 17:54:27 cloud dovecot[3168]: auth: Error: stats: open(old-stats-user) failed: No such file or directory
Aug 28 17:54:28 cloud dovecot[3168]: auth: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or directory
Aug 28 17:54:28 cloud dovecot[3168]: auth-worker(3182): Error: stats: open(old-stats-user) failed: No such file or directory
Aug 28 17:54:28 cloud dovecot[3168]: imap: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or directory
So while deliver has no problem ignoring such errors, the rest of
dovecot unfortunately doesn't like that configuration.
I'd like to have a "disable all stats" configuration, rather than having
to make a stats socket available to the user running deliver.
Acknowledgement sent
to Timo Sirainen <[email protected]>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <[email protected]>.
(Thu, 29 Aug 2019 10:18:03 GMT)
Subject: Re: Bug#903161: Same issue here; solution found
Date: Thu, 29 Aug 2019 13:08:32 +0300
On 29 Aug 2019, at 3.57, Josh Triplett <[email protected]> wrote:
>
> On Wed, Aug 28, 2019 at 05:43:27PM -0700, Josh Triplett wrote:
>> So if the stats sockets don't exist at *all*, deliver won't complain.
>>
>> To disable those stats sockets, add the following configuration to a
>> file in /etc/dovecot/conf.d/ :
>
> Update: sadly this doesn't fully work, as it produces the following
> spurious errors in the logs:
>
> Aug 28 17:54:27 cloud dovecot[3168]: imap-login: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or directory
> Aug 28 17:54:27 cloud dovecot[3168]: auth: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or directory
> Aug 28 17:54:27 cloud dovecot[3168]: auth: Error: stats: open(old-stats-user) failed: No such file or directory
> Aug 28 17:54:28 cloud dovecot[3168]: auth: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or directory
> Aug 28 17:54:28 cloud dovecot[3168]: auth-worker(3182): Error: stats: open(old-stats-user) failed: No such file or directory
> Aug 28 17:54:28 cloud dovecot[3168]: imap: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or directory
>
> So while deliver has no problem ignoring such errors, the rest of
> dovecot unfortunately doesn't like that configuration.
>
> I'd like to have a "disable all stats" configuration, rather than having
> to make a stats socket available to the user running deliver.
Add to dovecot.conf: stats_writer_socket_path=
Acknowledgement sent
to Josh Triplett <[email protected]>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <[email protected]>.
(Thu, 29 Aug 2019 17:51:02 GMT)
Subject: Re: Bug#903161: Same issue here; solution found
Date: Thu, 29 Aug 2019 10:49:04 -0700
On Thu, Aug 29, 2019 at 01:08:32PM +0300, Timo Sirainen wrote:
> On 29 Aug 2019, at 3.57, Josh Triplett <[email protected]> wrote:
> >
> > On Wed, Aug 28, 2019 at 05:43:27PM -0700, Josh Triplett wrote:
> >> So if the stats sockets don't exist at *all*, deliver won't complain.
> >>
> >> To disable those stats sockets, add the following configuration to a
> >> file in /etc/dovecot/conf.d/ :
> >
> > Update: sadly this doesn't fully work, as it produces the following
> > spurious errors in the logs:
> >
> > Aug 28 17:54:27 cloud dovecot[3168]: imap-login: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or directory
> > Aug 28 17:54:27 cloud dovecot[3168]: auth: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or directory
> > Aug 28 17:54:27 cloud dovecot[3168]: auth: Error: stats: open(old-stats-user) failed: No such file or directory
> > Aug 28 17:54:28 cloud dovecot[3168]: auth: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or directory
> > Aug 28 17:54:28 cloud dovecot[3168]: auth-worker(3182): Error: stats: open(old-stats-user) failed: No such file or directory
> > Aug 28 17:54:28 cloud dovecot[3168]: imap: Error: net_connect_unix(/var/run/dovecot/stats-writer) failed: No such file or directory
> >
> > So while deliver has no problem ignoring such errors, the rest of
> > dovecot unfortunately doesn't like that configuration.
> >
> > I'd like to have a "disable all stats" configuration, rather than having
> > to make a stats socket available to the user running deliver.
>
> Add to dovecot.conf: stats_writer_socket_path=
Interesting! I'll try that and see how it goes.
Acknowledgement sent
to Bjørn Mork <[email protected]>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <[email protected]>.
(Tue, 19 Nov 2019 15:27:03 GMT)
Subject: changing socket permissions seems to be the best solution for now
Date: Tue, 19 Nov 2019 16:11:55 +0100
I tried the different methods suggested in this bug report, but had
no success with any of them.
Using

    stats_writer_socket_path=

causes "doveadm index" to fail with

    bjorn@canardo:~$ doveadm index -q -u bjorn INBOX.Spam
    doveadm(bjorn): Error: net_connect_unix() failed: Connection refused

This can probably be worked around. But I'd prefer too many hacks just
to make stuff work again...
For now I ended up using:

    service stats {
      unix_listener stats-writer {
        mode = 0666
      }
    }

I don't want to add mail users to the dovecot group. It's unclear to me
what privileges this will result in now and in the future. And I don't
want to maintain yet another mail user group anyway.
This mess should really be sorted out. Either there should be a way to
easily disable the stats service, or using it should be allowed for all
currently unprivileged operations. By default.
Bjørn
Acknowledgement sent
to Milan <[email protected]>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <[email protected]>.
(Sun, 12 Apr 2020 13:57:02 GMT)
Acknowledgement sent
to sloth 96 <[email protected]>:
Extra info received and forwarded to list. Copy sent to Dovecot Maintainers <[email protected]>.
(Sun, 08 May 2022 20:09:03 GMT)