The shared mailbox and all its files and subdirectories are owned by the 'dovecot' user and by the 'domain users' group that all users belong to. The ACL restrictions cause a reduction (i.e. more fine-grained constraint) in privileges. In other words, at the system-file level, everyone can read the directory/files, but at the ACL level, only members of some particular list of groups should be able to read them.
And as I said, the user=<username> constraint seems to work fine, but group=<groupname> does not. It looks like the group=<groupname> constraint just never matches anyone. So I might have group=admins and "joeblow" is in group admins, but Dovecot thinks that he isn't.
Adam McDougall wrote:
What are the directory and file permissions of your shared folder, and do your <permissions> cause an increase or reduction of permissions compared to the dir and file permissions, or some of both?
On Mon, May 07, 2007 at 02:47:40PM -0400, Matt Zukowski wrote:
I would just add to this that simply putting a dovecot-acl file in a shared folder with "user=<username> <permissions>" does work just fine for us (without the complicated setup described below). Our problem is that group-based restrictions don't work at all (i.e. "group=<groupname> <permissions>", as described in the manual).
I'm also trying to figure out what the force-group ACL identifier is supposed to mean.
.... I gotta stop hitting "reply" for this list. I keep accidentally sending messages to the original authors rather than to the mailing list :)