[Dovecot] Public dovecot namespace visible only to some users
Hi,
I have a dovecot IMAP server (version 2.1.7) with Maildirs and a virtual user setup (e.g. all accounts are mapped to the same system user). I’d like to create a public namespace shared between users A and B, but not any other user.
I tried to set up the namespace as follows:
namespace {
  type = public
  separator = .
  prefix = INBOX.XFeeds.
  location = maildir:/var/vhosts/feeds:INDEX=~/Maildir/feeds/
  subscriptions = no
}
together with an acl-file:
/var/vhosts/feeds $ cat dovecot-acl
user=A lrwstipekxa
user=B lrwipk
Now user C cannot access the contents of the XFeeds mailbox, but it still shows up in its IMAP client. How can I make sure that other users cannot observe that this namespace exists?
Thanks, Joachim
PS: If you collect serverfault reputation, feel free to answer on http://serverfault.com/questions/544061/public-dovecot-namespace-visible-onl... as well :-)
PPS: Relevant parts of my configuration:
first_valid_uid = 109
last_valid_uid = 109
mail_gid = vhost
mail_location = maildir:~/Maildir
mail_privileged_group = mail
mail_uid = vhost
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  location = maildir:/var/vhosts/feeds:INDEX=~/Maildir/feeds/
  prefix = INBOX.XFeeds.
  separator = .
  subscriptions = no
  type = public
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
}
passdb {
  args = /etc/vhosts/dovecot-userdb
  driver = passwd-file
}
plugin {
  acl = vfile
  sieve = ~/dovecot.sieve
  sieve_dir = ~/sieve
}
userdb {
  args = uid=vhost gid=vhost home=/var/vhosts/%d/%n
  driver = static
}
protocol imap {
  mail_plugins = " acl"
}
-- Joachim “nomeata” Breitner mail@joachim-breitner.de • http://www.joachim-breitner.de/ Jabber: nomeata@joachim-breitner.de • GPG-Key: 0x4743206C Debian Developer: nomeata@debian.org
Hi,
On Monday, 14.10.2013 at 11:22 +0200, Joachim Breitner wrote:
> How can I make sure that other users cannot observe that this namespace exists?
something else that I tried since is to set "list = no" in the settings of "namespace feeds", and add "userdb_namespace/feeds/list=yes" to the passwd file, but the latter did not seem to have any effect.
Greetings, Joachim
-- Joachim “nomeata” Breitner mail@joachim-breitner.de • http://www.joachim-breitner.de/ Jabber: nomeata@joachim-breitner.de • GPG-Key: 0x4743206C Debian Developer: nomeata@debian.org
On Mon, 14 Oct 2013, Joachim Breitner wrote:
> something else that I tried since is to set "list = no" in the settings
try list = children
see http://wiki2.dovecot.org/SharedMailboxes/Public last example.
I think I remember a similar report a while back. Maybe it's a bug in your version.
> of "namespace feeds", and add "userdb_namespace/feeds/list=yes" to the passwd file, but the latter did not seem to have any effect.
you use a static userdb, so the setting is not read from the passwd file. The file is consulted for password only per your config.
Steffen Kaiser
Hi Steffen,
On Thursday, 17.10.2013 at 09:25 +0200, Steffen Kaiser wrote:
> On Mon, 14 Oct 2013, Joachim Breitner wrote:
>> of "namespace feeds", and add "userdb_namespace/feeds/list=yes" to the passwd file, but the latter did not seem to have any effect.
> you use a static userdb, so the setting is not read from the passwd file. The file is consulted for password only per your config.
that was it. After changing userdb to:
userdb {
  args = /etc/vhosts/dovecot-userdb
  default_fields = uid=vhost gid=vhost home=/var/vhosts/%d/%n
  driver = passwd-file
}
I was able to selectively enable the namespace in /etc/vhosts/dovecot-userdb using
username:{MD5}password::::::userdb_namespace/feeds/list=yes
(It has "list=no" set in the namespace configuration.)
Thanks! Joachim
-- Joachim “nomeata” Breitner mail@joachim-breitner.de • http://www.joachim-breitner.de/ Jabber: nomeata@joachim-breitner.de • GPG-Key: 0x4743206C Debian Developer: nomeata@debian.org
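Added example, not part of the thread: a small audit that cross-checks which accounts in a passwd-file userdb have the "userdb_namespace/feeds/list=yes" override against the users granted the lookup right in the namespace's dovecot-acl file. The file contents, the placeholder password field and the function names are constructed for illustration, and it assumes positive, letter-form ACL rights only.

```python
# Added example: cross-check who is shown the "feeds" namespace against who
# holds ACL rights in it. All sample data below is constructed.
LIST_KEY = "userdb_namespace/feeds/list"  # override key used in the thread

def _lines(text):
    """Yield non-empty, non-comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def listed_users(passwd_text, key=LIST_KEY):
    """Users whose passwd-file extra fields set `key` to yes."""
    users = set()
    for line in _lines(passwd_text):
        # user:password:uid:gid:gecos:home:shell:extra_fields
        parts = line.split(":", 7)
        extra = parts[7] if len(parts) == 8 else ""
        fields = dict(f.split("=", 1) for f in extra.split() if "=" in f)
        if fields.get(key) == "yes":
            users.add(parts[0])
    return users

def acl_grants(acl_text):
    """Return (users holding lookup right 'l', non-user identifiers holding it)."""
    users, broad = set(), set()
    for line in _lines(acl_text):
        ident, _, rights = line.partition(" ")
        if "l" not in rights.strip():
            continue
        if ident.startswith("user="):
            users.add(ident[len("user="):])
        else:
            broad.add(ident)  # e.g. anyone, authenticated, group=...
    return users, broad

def audit(passwd_text, acl_text):
    """Report mismatches between namespace listing and ACL lookup grants."""
    listed = listed_users(passwd_text)
    granted, broad = acl_grants(acl_text)
    return {
        "listed_without_acl": sorted(listed - granted),
        "acl_without_listing": sorted(granted - listed),
        "broad_acl_entries": sorted(broad),
    }

PASSWD = """A:{MD5}placeholder::::::userdb_namespace/feeds/list=yes
B:{MD5}placeholder::::::
C:{MD5}placeholder::::::userdb_namespace/feeds/list=yes"""
ACL = "user=A lrwstipekxa\nuser=B lrwipk\n"

if __name__ == "__main__":
    print(audit(PASSWD, ACL))
```

On the constructed sample, C is reported as shown the namespace without holding any ACL right in it, and B as holding rights without the listing override.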