Hi,
Simple Scenario: Shared namespace and a specific UNIX group should have access to it. System is Debian lenny (stable).
# cat /etc/dovecot/dovecot.conf
[...]
namespace public {
  separator = .
  prefix = Shared.
  location = maildir:/var/mail/shared
}
mail_executable = /usr/local/sbin/dovecot-imap-fix.sh
mail_drop_priv_before_exec = no #just to make sure
[...]

# dpkg -l | grep dovecot
ii  dovecot-common  1:1.0.15-2.3+lenny1  secure mail server that
ii  dovecot-imapd   1:1.0.15-2.3+lenny1  secure IMAP server that
# cat /usr/local/sbin/dovecot-imap-fix.sh
#!/bin/sh
cat /var/mail/shared/.Office/dovecot-acl > /tmp/dovecot-$USER
env >> /tmp/dovecot-$USER
ACL_GROUPS=`groups $USER | tr ' ' ','`
export ACL_GROUPS
exec /usr/lib/dovecot/imap $*
# ls -la -R /var/mail/shared/   # (cut the .,.. in output)
/var/mail/shared/:
total 28
drwxrwx--- 5 root office 4096 Dec 15 15:53 .Office
drwxr-xr-x 2 root root   4096 Dec 14 16:55 cur
-rw-r--r-- 1 root root     23 Dec 15 07:46 dovecot-acl
-rw-r--r-- 1 root root      0 Dec 15 07:42 dovecot-shared
drwxr-xr-x 2 root root   4096 Dec 14 16:55 new
drwxr-xr-x 2 root root   4096 Dec 14 16:55 tmp

/var/mail/shared/.Office:
total 24
drwxrwx--- 2 root office 4096 Dec 15 09:53 cur
-rw-r--r-- 1 root root     52 Dec 15 15:53 dovecot-acl
-rw-rw---- 1 root office    0 Dec 15 07:42 dovecot-shared
drwxrwx--- 2 root office 4096 Dec 15 09:53 new
drwxrwx--- 2 root office 4096 Dec 15 09:53 tmp

# id peter
uid=1000(peter) gid=100(users) groups=51683(office),25783(ssh_users),100(users)
#
Now I log in as peter but my client (latest TB 2) does not display the office folder. In the log it claims that it is not able to open the acl file, which really can NOT be true:
Dec 15 15:56:05 mail dovecot: IMAP(peter): acl vfile: no access to file /var/mail/shared/.Office/dovecot-acl
I tried:
- su peter: Access no problem!
- ps aux: The process is running as peter
- As you can see I have debugging code in my dovecot-imap-fix.sh which successfully prints out the content of the ACL file to /tmp/user-peter
I can't imagine that, it seems as if it is not true.
By the way: As soon as I change the mail_executable to /usr/local/sbin/dovecot-imap-fix.sh I get this message and have absolutely no clue why:
# /etc/init.d/dovecot restart
Restarting IMAP/POP3 mail server: dovecotid: dump-capability: No such user
.
#
Which dump-capability? Which user?
Does anybody have an idea what could be wrong here?
Thank you very much, Luke
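
An added check, not part of the original post: `ps aux` shows only the user a process runs as, not its groups, so this example reads the group list from a /proc/<pid>/status-format file and tests for gid 51683 (office, taken from the `id peter` output above). The function names and the two sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): test which GIDs a process
# really holds, reading a /proc/<pid>/status-format file.

# Print the filesystem GID (5th field of "Gid:": real, effective, saved, fs)
# followed by every supplementary GID, one per line.
proc_gids() {
    awk '/^Gid:/    { print $5 }
         /^Groups:/ { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Exit 0 if the process described by status file $1 holds GID $2.
proc_has_gid() {
    proc_gids "$1" | grep -qx "$2"
}

# Constructed samples: the same uid/gid as `id peter` in the post, once with
# only the primary group and once with the full supplementary list.
sample_dir=$(mktemp -d)
printf 'Name:\timap\nUid:\t1000\t1000\t1000\t1000\nGid:\t100\t100\t100\t100\nGroups:\t100\n' \
    > "$sample_dir/primary_only"
printf 'Name:\timap\nUid:\t1000\t1000\t1000\t1000\nGid:\t100\t100\t100\t100\nGroups:\t100 25783 51683\n' \
    > "$sample_dir/full_groups"

# 51683 is the gid of "office", the group owning /var/mail/shared/.Office.
for f in primary_only full_groups; do
    if proc_has_gid "$sample_dir/$f" 51683; then
        echo "$f: holds gid 51683"
    else
        echo "$f: lacks gid 51683, drwxrwx--- root office is not traversable"
    fi
done

# Against a live process (the pid is a placeholder, take it from ps aux):
#   proc_has_gid /proc/<pid>/status 51683
```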