[Dovecot] (no subject)
Hi, I'd like to use Global ACLs to limit user's access to individual folders (e.g. read only). The dovecot-acl file limiting my user "test": user=test lr works fine when I put it into the user's mailbox /home/vmail/test/Maildir/.Records but gets ignored in /etc/dovecot/acls/Records
Bellow is my dovecot -n output:
# 2.0.0: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-194.11.1.el5 i686 CentOS release 5.5 (Final) auth_master_user_separator = * auth_mechanisms = plain ntlm disable_plaintext_auth = no mail_location = maildir:~/Maildir mail_plugins = acl passdb { args = /etc/dovecot/users driver = passwd-file } plugin { acl = vfile:/etc/dovecot/acls } protocols = imap userdb { args = uid=vmail gid=vmail home=/home/vmail/%u allow_all_users=yes driver = static } protocol imap { mail_plugins = $mail_plugins imap_acl }
Any help will be appreciated. Thanks, Alex
On Fri, 2010-08-27 at 14:49 -0500, Alexander Cherniak wrote:
Hi, I'd like to use Global ACLs to limit user's access to individual folders (e.g. read only). The dovecot-acl file limiting my user "test": user=test lr works fine when I put it into the user's mailbox /home/vmail/test/Maildir/.Records but gets ignored in /etc/dovecot/acls/Records
Did you use /etc/dovecot/acls/Records or /etc/dovecot/acls/Records/dovecot-acl? The first one is correct.
Thank you Timo, For some reason I thought that Records was a directory with dovecot-acl file in it. It works as a charm now.
Unfortunately, mail clients do not always cooperate, Outlook in particular still allows to set message flags in folders without "wst" ACLs. Can somebody recommend comparative analysis with configuration options?
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi] Sent: Tuesday, August 31, 2010 2:24 PM To: Alexander Cherniak Cc: dovecot@dovecot.org Subject: Re: [Dovecot] (no subject)
On Fri, 2010-08-27 at 14:49 -0500, Alexander Cherniak wrote:
Hi, I'd like to use Global ACLs to limit user's access to individual folders (e.g. read only). The dovecot-acl file limiting my user "test": user=test lr works fine when I put it into the user's mailbox /home/vmail/test/Maildir/.Records but gets ignored in /etc/dovecot/acls/Records
Did you use /etc/dovecot/acls/Records or /etc/dovecot/acls/Records/dovecot-acl? The first one is correct.
On Tue, 2010-08-31 at 14:26 -0500, Alexander Cherniak wrote:
Unfortunately, mail clients do not always cooperate, Outlook in particular still allows to set message flags in folders without "wst" ACLs. Can somebody recommend comparative analysis with configuration options?
You mean Outlook actually allows changing flags on the server? Or it just changes the flags locally? They don't get reset with restart?
I checked both Outlook 2007 and 2010. The "red" flag get updated in local PST file, but not on the server. There is also no warning about the failure. Outlook Express behaves exactly the same. Although, eventually sync does happen after some period of time... \Seen flag behaves differently. Outlook allows to change it locally, but synchronizes it back when user exits and then enters the same folder, providing quite a bizarre experience.
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi] Sent: Wednesday, September 01, 2010 12:04 PM To: Alexander Cherniak Cc: dovecot@dovecot.org Subject: Re: [Dovecot] (no subject)
On Tue, 2010-08-31 at 14:26 -0500, Alexander Cherniak wrote:
Unfortunately, mail clients do not always cooperate, Outlook in particular still allows to set message flags in folders without "wst" ACLs. Can somebody recommend comparative analysis with configuration options?
You mean Outlook actually allows changing flags on the server? Or it just changes the flags locally? They don't get reset with restart?
Dovecot doesn't give error in such case, because some clients (probably Outlook too) would start showing user alert boxes every time when a message is read, complaining about not having permissions to change message flags.
On Wed, 2010-09-01 at 11:51 -0500, Alexander Cherniak wrote:
I checked both Outlook 2007 and 2010. The "red" flag get updated in local PST file, but not on the server. There is also no warning about the failure. Outlook Express behaves exactly the same. Although, eventually sync does happen after some period of time... \Seen flag behaves differently. Outlook allows to change it locally, but synchronizes it back when user exits and then enters the same folder, providing quite a bizarre experience.
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi] Sent: Wednesday, September 01, 2010 12:04 PM To: Alexander Cherniak Cc: dovecot@dovecot.org Subject: Re: [Dovecot] (no subject)
On Tue, 2010-08-31 at 14:26 -0500, Alexander Cherniak wrote:
Unfortunately, mail clients do not always cooperate, Outlook in particular still allows to set message flags in folders without "wst" ACLs. Can somebody recommend comparative analysis with configuration options?
You mean Outlook actually allows changing flags on the server? Or it just changes the flags locally? They don't get reset with restart?
That's quite logical, but Outlook still shows unfriendly messages in other cases, for example, Cannot copy the items. The server responded: 'NOPERM] Permission denied' when user drops messages into the folder without the 'i' permission.
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi] Sent: Wednesday, September 01, 2010 1:10 PM To: Alexander Cherniak Cc: dovecot@dovecot.org Subject: Re: [Dovecot] (no subject)
Dovecot doesn't give error in such case, because some clients (probably Outlook too) would start showing user alert boxes every time when a message is read, complaining about not having permissions to change message flags.
On Wed, 2010-09-01 at 11:51 -0500, Alexander Cherniak wrote:
I checked both Outlook 2007 and 2010. The "red" flag get updated in local PST file, but not on the server. There is also no warning about the failure. Outlook Express behaves exactly the same. Although, eventually sync does happen after some period of time... \Seen flag behaves differently. Outlook allows to change it locally, but synchronizes it back when user exits and then enters the same folder, providing quite a bizarre experience.
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi] Sent: Wednesday, September 01, 2010 12:04 PM To: Alexander Cherniak Cc: dovecot@dovecot.org Subject: Re: [Dovecot] (no subject)
On Tue, 2010-08-31 at 14:26 -0500, Alexander Cherniak wrote:
Unfortunately, mail clients do not always cooperate, Outlook in particular still allows to set message flags in folders without "wst" ACLs. Can somebody recommend comparative analysis with configuration options?
You mean Outlook actually allows changing flags on the server? Or it just changes the flags locally? They don't get reset with restart?
participants (2)
-
Alexander Cherniak
-
Timo Sirainen