On Aug 12, 2008, at 6:07 AM, Andrew Von Cid wrote:
I have a dovecot setup with virtual users and a passwd-file passdb.
All users have the same uid and gid. Recently I got my public
folders working using namespaces and they work great. However, now
I'm trying to share a folder between a limited number of users and
so far I failed to get it working. Symlinks aren't an option
because users need to be able to create subfolders of the shared
folder so I'm trying to do it with namespaces but I'm not sure how
to restrict access to a limited number of users.I tried doing it with groups. I made sure that the shared folder's
group is set to 'staff' and the mode is 070, I also changed the
group of a few virtual users to 'staff'. However, when I try
accessing the shared folder I get a permission denied error
(although the user is in the staff group).
How exactly are you changing virtual users' groups? You said you're
using a single UID and GID, so from the OS point of view there's only
a single user.
Can someone please recommend the best way to do this? Should I look
into ACL's?
Either that or use a different UID for all users (or the staff users).
With ACLs you could create dovecot-acl file with either:
a) Listing all the users who have access to it and their permissions
b) List staff group's access, and have your userdb return
acl_groups=staff extra field for the staff users. This will work only
with v1.1.