[Dovecot] Dovecot - AllowGroups option
Hi, I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage.
Services like proftpd have: "AllowGroup ftpgroup"
sshd have "AllowGroups sshgroup"
And samba have "valid users = @smbgroup"
But I can't find the correct option in Dovecot (/etc/dovecot/dovecot.conf)
Do anyone have the magic option or a workaround thats doesn't envolve maintaining seperate user databases and password? (I know its needed for samba but besides that)
/Neergaard
On Tue, 2010-12-28 at 00:15 +0100, Jacob Neergaard Pedersen wrote:
I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage.
Assuming you use passdb pam, I think pam_listfile can do this: http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_listfile.htm...
Sorry about the late reply. I look at the link you sent me. But I can't figure out how to make it do what I want. As far as I understand then yes I'm using PAM. I wanna create an imap group in /etc/group and only the users I add to this is to be allow access to dovecot thought IMAP. I'm sorry to say but my Linux skill are limited but growing.
Den 30/12/2010 kl. 11.09 skrev Timo Sirainen:
On Tue, 2010-12-28 at 00:15 +0100, Jacob Neergaard Pedersen wrote:
I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage.
Assuming you use passdb pam, I think pam_listfile can do this: http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_listfile.htm...
Hi, Found It :)
Here it is - very simple.
Add the group you wanna use to /etc/group maigroup:x:1007:user1,user2,user3
Make a file listing the groups you wanna allow access from echo "maigroup" > /etc/dovecot/group.allow
Add group authentication to dovecot pam setting in /etc/pam.d/dovecot Add this line on the top of the file auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/dovecot/group.allow
I hope I can safe other people the trouble.
/Neergaard
Den 30/12/2010 kl. 11.09 skrev Timo Sirainen:
On Tue, 2010-12-28 at 00:15 +0100, Jacob Neergaard Pedersen wrote:
I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage.
Assuming you use passdb pam, I think pam_listfile can do this: http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_listfile.htm...
participants (2)
-
Jacob Neergaard Pedersen
-
Timo Sirainen