The following came as a nasty surprise while testing Dovecot 2.4.1-4:

alice@host $ doveadm mailbox list -u $(whoami) doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 61: cert_file: open(/path/to/cert.pem) failed: Permission denied

Unprivileged user Alice does not have access to cert.pem, nor does she need it. Calling "doveadm flags ..." causes the same error. I suspect other subcommands are affected as well, but did not test it.

The technical reason might be that dovecot.conf is parsed for each doveadm invocation? In any case, the certificate access check for subcommands like "flags" or "mailbox" seems like a bug to me.

-Ralph