[Dovecot] Dovecot read only for users
All,
I have hopefully a base question. How do you give users only read access to their inbox and folders? If I use chmod 600 they have full access. If I do a 400 they have read access but cannot access their inbox.
The config file is the out of the box config other than advertising IMAP and IMAPS.
Any help will be appreciated. Thanks.
JC wrote:
All,
I have hopefully a base question. How do you give users only read access to their inbox and folders? If I use chmod 600 they have full access. If I do a 400 they have read access but cannot access their inbox.
The config file is the out of the box config other than advertising IMAP and IMAPS.Any help will be appreciated. Thanks.
Saying that the config is "out of the box" is meaningless because so many different people put out different builds of different versions of Dovecot, and even builds from the release source code can vary depending on the specific environment of the build.
As the Dovecot website says in reference to this mailing list, you should specify your Dovecot version, your OS and version (and with Linux, the specific distribution,) your CPU architecture (not everyone uses x86,) the type of filesystem you are using for mailboxes, and "dovecot -n" output.
On 10/26/2008, Bill Cole (dovecot-20061108@billmail.scconsult.com) wrote:
As the Dovecot website says in reference to this mailing list, you should specify your Dovecot version, your OS and version (and with Linux, the specific distribution,) your CPU architecture (not everyone uses x86,) the type of filesystem you are using for mailboxes, and "dovecot -n" output.
Maybe 'dovecot -n' could also provide basic system info (it already does for the dovecot version)? I know the command varies depending on said architecture, but for most systems it could probably easily figure this out?
Just a thought...
--
Best regards,
Charles
on 10-27-2008 3:51 AM Charles Marcus spake the following:
On 10/26/2008, Bill Cole (dovecot-20061108@billmail.scconsult.com) wrote:
As the Dovecot website says in reference to this mailing list, you should specify your Dovecot version, your OS and version (and with Linux, the specific distribution,) your CPU architecture (not everyone uses x86,) the type of filesystem you are using for mailboxes, and "dovecot -n" output.
Maybe 'dovecot -n' could also provide basic system info (it already does for the dovecot version)? I know the command varies depending on said architecture, but for most systems it could probably easily figure this out?
Just a thought...
Maybe it could brew you a nice cup of tea also?
Come on... Timo can't do *all* of your work. ;-D
-- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!
But then Dovecot wouldn't be able to take evasive action when the ancient computers of Magrathea fire missiles at us :)
Scott Silva wrote:
on 10-27-2008 3:51 AM Charles Marcus spake the following:
On 10/26/2008, Bill Cole (dovecot-20061108@billmail.scconsult.com) wrote:
As the Dovecot website says in reference to this mailing list, you should specify your Dovecot version, your OS and version (and with Linux, the specific distribution,) your CPU architecture (not everyone uses x86,) the type of filesystem you are using for mailboxes, and "dovecot -n" output.
Maybe 'dovecot -n' could also provide basic system info (it already does for the dovecot version)? I know the command varies depending on said architecture, but for most systems it could probably easily figure this out?
Just a thought...
Maybe it could brew you a nice cup of tea also?
Come on... Timo can't do *all* of your work. ;-D
On 10/27/2008 12:29 PM, Scott Silva wrote:
Maybe 'dovecot -n' could also provide basic system info (it already does for the dovecot version)? I know the command varies depending on said architecture, but for most systems it could probably easily figure this out?
Just a thought...
Maybe it could brew you a nice cup of tea also?
Come on... Timo can't do *all* of your work. ;-D
Actually, I was thinking more along the lines of making it *easier* for Timo (in the long run)... but yeah, I know what you mean... ;)
The fact is the more info dovecot -n provides for troubleshooting purposes, the easier it will be to spot the problem without anyone having to ask for additional info.
For example, it would be nice if dovecot-sql contents (if any) were included in output of dovecot -n too (and Timo has mentioned that someday it will be)...
--
Best regards,
Charles
On Mon, 2008-10-27 at 06:51 -0400, Charles Marcus wrote:
On 10/26/2008, Bill Cole (dovecot-20061108@billmail.scconsult.com) wrote:
As the Dovecot website says in reference to this mailing list, you should specify your Dovecot version, your OS and version (and with Linux, the specific distribution,) your CPU architecture (not everyone uses x86,) the type of filesystem you are using for mailboxes, and "dovecot -n" output.
Maybe 'dovecot -n' could also provide basic system info (it already does for the dovecot version)? I know the command varies depending on said architecture, but for most systems it could probably easily figure this out?
Just a thought...
Added. Now it prints:
# 1.1.5: /usr/local/etc/dovecot.conf # OS: Linux 2.6.26 x86_64 Debian lenny/sid ext3
I added Linux distro checks for printing the first line from:
/etc/redhat-release /etc/SuSE-release /etc/mandriva-release /etc/fedora-release /etc/debian_version
First however it checks for /etc/lsb-release and if it exists, prints DISTRIB_DESCRIPTION contents. I guess Ubuntu is the only distro currently using that file..
The filesystem is looked up by getting the mount information for the directory in mail_location. That's not correct in all setups, but probably correct for most.
Any other suggestions that I could add before 1.1.6 release, which I'm really trying to release today? :)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Two more to add: /etc/sourcemage-release /etc/slackware-version
:)
Andraž "ruskie" Levstik Source Mage GNU/Linux Games grimoire guru Geek/Hacker/Tinker
Be sure brain is in gear before engaging mouth. Quis custodiet ipsos custodies. Ryle hira.
Key id = F4C1F89C Key fingerprint = 6FF2 8F20 4C9D DB36 B5B6 F134 884D 72CC F4C1 F89C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJCKjziE1yzPTB+JwRAqzUAKClFkLWdNULjg0wgSPE60PYz2TjtgCZAa0k 3W/5a5AzIcGFT7OS8RjWn2c= =9GJI -----END PGP SIGNATURE-----
On Wed, 2008-10-29 at 19:18 +0100, Andraž 'ruskie' Levstik wrote:
/etc/sourcemage-release
Does this contain Sourcemage name in some way?
/etc/slackware-version
Does this contain Slackware name in some way?
(Most seem to, but Debian is an exception and contains only "lenny/sid" with me, so I prefix manually it with "Debian ").
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 29 Oct 2008, Timo Sirainen wrote:
On Wed, 2008-10-29 at 19:18 +0100, Andraž 'ruskie' Levstik wrote:
/etc/sourcemage-release
Does this contain Sourcemage name in some way?
cat /etc/sourcemage-release Source Mage GNU/Linux 0.9.6.1 i486-pc-linux-gnu Installed from CD using installer v. 0.9.6.1 on Fri Feb 23 17:44:19 UTC 2007
/etc/slackware-version
Does this contain Slackware name in some way?
cat /etc/slackware-version Slackware 12.0.0
(Most seem to, but Debian is an exception and contains only "lenny/sid" with me, so I prefix manually it with "Debian ").
So that would be yes ;)
Andraž "ruskie" Levstik Source Mage GNU/Linux Games grimoire guru Geek/Hacker/Tinker
Be sure brain is in gear before engaging mouth. Quis custodiet ipsos custodies. Ryle hira.
Key id = F4C1F89C Key fingerprint = 6FF2 8F20 4C9D DB36 B5B6 F134 884D 72CC F4C1 F89C
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJCKrAiE1yzPTB+JwRArpDAJ9blGntt9XwVehbm9C6qDoC+HT+CACgqyoi rCbFVfar/FNHwhWpPeUKJss= =Slio -----END PGP SIGNATURE-----
On 10/29/2008, Andra~ 'ruskie' Levstik (ruskie@codemages.net) wrote:
Two more to add: /etc/sourcemage-release /etc/slackware-version
One more:
/etc/gentoo-release
Hmmm... this doesn't really contain useful info though...
~ # cat /etc/gentoo release Gentoo Base System release 1.12.11.1
maybe some forme of the uname command?
~ # uname -orpm 2.6.23-gentoo-r9 x86_64 AMD Opteron(tm) Processor 244 GNU/Linux
--
Best regards,
Charles
On Wed, 2008-10-29 at 14:37 -0400, Charles Marcus wrote:
On 10/29/2008, Andra~ 'ruskie' Levstik (ruskie@codemages.net) wrote:
Two more to add: /etc/sourcemage-release /etc/slackware-version
One more:
/etc/gentoo-release
Added.
Hmmm... this doesn't really contain useful info though...
~ # cat /etc/gentoo release Gentoo Base System release 1.12.11.1
Looks just fine.
maybe some forme of the uname command?
~ # uname -orpm 2.6.23-gentoo-r9 x86_64 AMD Opteron(tm) Processor 244 GNU/Linux
uname() is also used. It would probably print with you:
# OS: Linux 2.6.23-gentoo-r9 x86_64 Gentoo Base System release 1.12.11.1
On 10/29/2008 2:41 PM, Timo Sirainen wrote:
/etc/gentoo-release
Added.
Hmmm... this doesn't really contain useful info though...
~ # cat /etc/gentoo release Gentoo Base System release 1.12.11.1
Looks just fine.
maybe some forme of the uname command?
~ # uname -orpm 2.6.23-gentoo-r9 x86_64 AMD Opteron(tm) Processor 244 GNU/Linux
uname() is also used. It would probably print with you:
# OS: Linux 2.6.23-gentoo-r9 x86_64 Gentoo Base System release 1.12.11.1
Ahh... well, there ya go... thanks Timo, maybe this will save you some few precious seconds... ;)
--
Best regards,
Charles
Charles Marcus wrote:
On 10/29/2008 2:41 PM, Timo Sirainen wrote:
/etc/gentoo-release Added.
Hmmm... this doesn't really contain useful info though...
~ # cat /etc/gentoo release Gentoo Base System release 1.12.11.1 Looks just fine.
maybe some forme of the uname command?
~ # uname -orpm 2.6.23-gentoo-r9 x86_64 AMD Opteron(tm) Processor 244 GNU/Linux uname() is also used. It would probably print with you:
# OS: Linux 2.6.23-gentoo-r9 x86_64 Gentoo Base System release 1.12.11.1
Ahh... well, there ya go... thanks Timo, maybe this will save you some few precious seconds... ;)
For FreeBSD you may use:
#sysctl kern.version
kern.version: FreeBSD 7.0-RELEASE-p5 #0: Wed Oct 1 10:10:12 UTC 2008 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
Or: # uname -srmi FreeBSD 7.0-RELEASE-p5 i386 GENERIC
-- Best regards, Proskurin Kirill
On Wed, 2008-10-29 at 19:39 +0200, Timo Sirainen wrote:
The filesystem is looked up by getting the mount information for the directory in mail_location. That's not correct in all setups, but probably correct for most.
I was wondering why this felt like it was too easy. dovecot -n can't easily look up user's home directories. So the only time when it now prints the filesystem is if mail_location contains something like:
mail_location = maildir:/home/%u/Maildir
It cuts after the first % character and if there's more than 1 character left, that directory is used in the mount lookup. But perhaps it'll show up once in a while in bug reports. :)
On 10/29/2008 1:39 PM, Timo Sirainen wrote:
Any other suggestions that I could add before 1.1.6 release, which I'm really trying to release today? :)
Add the contents of non-default dovecot-sql.conf, dovecot-ldap.conf and maybe dovecot-db.conf to the output?
;)
--
Best regards,
Charles
On Wed, 2008-10-29 at 16:02 -0400, Charles Marcus wrote:
On 10/29/2008 1:39 PM, Timo Sirainen wrote:
Any other suggestions that I could add before 1.1.6 release, which I'm really trying to release today? :)
Add the contents of non-default dovecot-sql.conf, dovecot-ldap.conf and maybe dovecot-db.conf to the output?
That'll have to wait for v2.0 or perhaps v1.3.
On Oct 29, 2008, at 12:39 PM, Timo Sirainen wrote:
First however it checks for /etc/lsb-release and if it exists, prints DISTRIB_DESCRIPTION contents. I guess Ubuntu is the only distro currently using that file..
A little late, but I don't see any mention of /etc/lsb-release in the
LSB specification. You probably want the output of /usr/bin/
lsb_release -d
root@jd.dev:/# /usr/bin/lsb_release -d Description: CentOS release 5.2 (Final)
jd@macbook:~$ /usr/bin/lsb_release -d Description: Debian GNU/Linux unstable (sid)
The lsb_release binary has been in the specification since version 1.0.
On Oct 30, 2008, at 9:02 PM, John Lightsey wrote:
A little late, but I don't see any mention of /etc/lsb-release in
the LSB specification. You probably want the output of /usr/bin/ lsb_release -d
I don't think dovecot should execute external binaries. Sounds scary.
El Jueves, 30 de Octubre de 2008 a las 20:15, Timo Sirainen escribió:
On Oct 30, 2008, at 9:02 PM, John Lightsey wrote:
A little late, but I don't see any mention of /etc/lsb-release in the LSB specification. You probably want the output of /usr/bin/ lsb_release -d
I don't think dovecot should execute external binaries. Sounds scary.
You're right (as always :). But maybe using the same output for dovecot is a good idea. And lsb_release is a script (shell in RHEL4, python in Debian), so it seems easy.
Joseba Torre. CIDIR Bizkaia.
On Sat, 2008-10-25 at 23:24 -0500, JC wrote:
All,
I have hopefully a base question. How do you give users only read access to their inbox and folders? If I use chmod 600 they have full access. If I do a 400 they have read access but cannot access their inbox.
The config file is the out of the box config other than advertising IMAP and IMAPS.
mbox or maildir?
participants (10)
-
Andraž 'ruskie' Levstik
-
Bill Cole
-
Charles Marcus
-
JC
-
John Lightsey
-
Joseba Torre
-
Proskurin Kirill
-
Scott Silva
-
Stewart Dean
-
Timo Sirainen