Hello Timo,
In my trials to set up a shared namespace with dovecot-1.1.8/LDAP passdb/userdb (prefetch)/Maildir, I found out that:
- ACLs are mandatory (at least if the acl plugin is triggered in dovecot.conf)
Am I correct? I'm still not sure if we can do without ACLs at all (only with unix permissions and the system_user userdb extra field).
- the system_user userdb extra field is supposed to be... the logname of the user whose secondary groups we want to check!
i.e. if user foobar belongs to secondary groups foogid, zgid, wgid and doveshared
uid=xxx(foobar) gid=yyy(foogid) groups=zzz(zgid),www(wgid),vvv(doveshared)
and we want dovecot to take them into account, we have to make the userdb return the system_user extra field with the value foobar.
Seems obvious now and said this way, but looking at the wiki:
"system_user: If this is given, the user's groups are read from /etc/group (or wherever NSS is configured to taken them from)."
I thought 'system_user' was a flag (a boolean) which, when triggered, made dovecot look for the secondary groups of the user (the user whose name is already known).
a) Am I correct?
b) Why isn't system_user such a boolean? Is there a case where we'd want system_user to be different than the user dovecot runs as at the moment the check takes place?
- same idea with acl_groups: since this extra field holds a list of groups for the ACL plugin, why not rely on the native unix groups of the system the user belongs to?
Thanks (and sorry for the 2 previous threads where I was blindly confused by the system_user thing).
-- Thomas Hummel | Institut Pasteur hummel@pasteur.fr | Pôle informatique - systèmes et réseau