ACL user

Peter Chiochetti pch at myzel.net
Mon Feb 8 14:03:16 UTC 2016


On 2016-02-08 at 11:50, Timo Sirainen wrote:
> On 05 Feb 2016, at 17:42, Peter Chiochetti <pch at myzel.net> wrote:
>>
>> How would I go, if I wanted ACL processing to start with
>> %{auth_user} instead of %{user} when determining rights?
>
> You could kludge it by returning master_user=%{auth_user} in userdb,
> but that might affect other things..
> […]

I tested the kludge: I put userdb_master_user=someone into the static 
passwd file for a certain auth_user and now global ACLs apply; as an 
extra bonus now userdb_acl_groups=somegroup starts to be applied too for 
that account!

Observations:
- my virtual users start with no rights
- I add rights in the global dovecot-acl file
- changes work immediately, no restart necessary
- only users with a master_user set are affected
- in the future a single stanza in local.conf will apply to all users

I could not put master_user=%{auth_user} into the userdb stanza (nor the 
passwd file), because the parser does not expand the variable, possibly 
a formatting error on my side: "doveadm -D acl debug -u myname INBOX" 
then prints:
> Debug: Added userdb setting: plugin/master_user=auth_user}

After all, once more
A happy dovecot user!

-- 
peter

