[Dovecot] Confused about permissions needed for shared mailbox

Thomas Hummel hummel at pasteur.fr
Wed Jan 28 17:06:20 EET 2009


Hello,

Let me restate, hopefully in clearer terms, what I tried to describe in a previous thread:

With dovecot-1.1.8/Maildir/LDAP pass/userdb (prefetch), I'm trying to set up a
Maildir ".box" shared in rw between 2 users in a "Public" namespace. I can't
get it to work unless I chmod 777 everything, which obviously is not what I
want.

1) Am I correct in thinking that the system_user userdb extra_field and unix
permissions should be enough to achieve that, and that ACLs are only needed if I want to
fine-tune mailbox permissions?

2) Let's say that my public namespace prefix is Public/, that the .box/ maildir is in

  /path/to/public/.box

and my 2 users belong to the doveshared unix group.

I thought it would be enough to have 

  drwxrws---  3 root  doveshared  4096 Jan 28 14:55 public
  drwxrws---  3 root  doveshared  4096 Jan 28 14:55 public/.box
  -rwxrws---  1 root  doveshared     0 Jan 26 18:25 public/.box/dovecot-shared

provided that my prefetch userdb returns system_user, as I think the following says in dovecot-ldap.conf:

  pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,,,uidNumber=userdb_uid,gidNumber=userdb_gid,shadowMax=userdb_system_user

and provided that in LDAP shadowMax: 80 (whatever value).

But this doesn't seem to work.

By the way: am I supposed to have a dovecot-shared file in public as well
(that is, not only in public/.box)?

3) Let's say I try ACLs with the same setup (anyone <all permissions> for starters)

would

  pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,,,uidNumber=userdb_uid,gidNumber=userdb_gid,shadowMax=userdb_system_user.title=userdb_acl_groups

and

title: group1,doveshared

be a correct setup?

Do I need a dovecot-acl file only in .box, or in public too?

My understanding is that my setup doesn't work because, for some reason, dovecot
doesn't see my users' secondary groups or doesn't take them into account...

Any thoughts which might help?

-- 
Thomas Hummel 	    | Institut Pasteur
<hummel at pasteur.fr> | Pôle informatique - systèmes et réseau

