[Dovecot] restricting shared folders access
Andrew Von Cid
andrew at accid.net
Thu Aug 14 14:12:29 EEST 2008
Hi Timo,
Thanks for your reply.
> How exactly are you changing virtual users' groups? You said you're
> using a single UID and GID, so from the OS point of view there's only
> a single user.
>
Makes sense.
> Either that or use a different UID for all users (or the staff users).
> With ACLs you could create dovecot-acl file with either:
>
> a) Listing all the users who have access to it and their permissions
> b) List staff group's access, and have your userdb return
> acl_groups=staff extra field for the staff users. This will work only
> with v1.1.
I'm running 1.0.10 so I tried option 'a' using global ACLs. However, I
have a number of problems:
I'm unable to grant permissions on the whole namespace, only per
folder. Is this normal?
Is it possible to grant permissions to a folder and all of its
subfolders? I gave a user the permission to create subfolders of a
folder, but it looks like I need to create a new ACL for every subfolder
created, otherwise it won't be visible.
When I enabled the ACL plugin then my other public namespace became
inaccessible. When I try to access any of its folders with Thunderbird
I get a "Mailbox doesn't exist" error. Is it possible to allow access by
default unless there is an ACL that says otherwise?
The basic thing that I'm trying to do is to have two namespaces. One
public, shared between all users with read-write permission. And the
other accessible only to a small group of staff users. In both cases
users need to be able to create and access any subfolders without my
intervention. If I change the UID of the staff users then they won't
be able to access the public namespace, so this isn't great either. Is
there any way I can get this working with Dovecot?
Many thanks,
Andrew