[Dovecot] list command and shared folders
Hello,
I am trying to set up shared folders with real unix users:
user "test2": setacl t2_t4 test4 lrswi
user "test3": setacl t3_t4 test4 lrswi
Now I see entries in ~test2/Maildir/.t2_t4/dovecot-acl, ~test3/Maildir/.t3_t4/dovecot-acl and /var/lib/dovecot/acl_dict.db (see below)
But "test4" doesn't see the shared folders in the list command :-(
01 login test4 xxxxxxx
01 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk QUOTA] Logged in
02 namespace
* NAMESPACE (("" "/")) (("shared/" "/")) NIL
02 OK Namespace completed.
03 list "" *
* LIST (\HasNoChildren) "/" "INBOX"
03 OK List completed.
The select command is possible:
04 select shared/test2/t2_t4
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 4 EXISTS
* 4 RECENT
* OK [UNSEEN 1] First unseen.
* OK [UIDVALIDITY 1276509851] UIDs valid
* OK [UIDNEXT 5] Predicted next UID
* OK [HIGHESTMODSEQ 1] Highest
04 OK [READ-WRITE] Select completed.
What is wrong in this setup, why can't "test4" see the shared folders in the list command?
Best regards
Wolfram
dovecot -n:
# 1.2.11: /etc/dovecot.conf
# OS: Linux 2.6.32.12-0.7-default x86_64 SUSE Linux Enterprise Server 11 (x86_64)
base_dir: /var/run/dovecot/
syslog_facility: local5
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/ssl/private/server.cert
ssl_key_file: /etc/ssl/private/server.cert
ssl_cipher_list: ALL:!LOW
login_dir: /var/run/dovecot/login
login_executable(default): /opt/dovecot/libexec/dovecot/imap-login
login_executable(imap): /opt/dovecot/libexec/dovecot/imap-login
login_executable(pop3): /opt/dovecot/libexec/dovecot/pop3-login
login_log_format_elements: user=%u rip=%r method=%m %c
login_processes_count: 10
login_max_processes_count: 2048
max_mail_processes: 4096
mail_max_userip_connections(default): 15
mail_max_userip_connections(imap): 15
mail_max_userip_connections(pop3): 10
verbose_proctitle: yes
first_valid_uid: 290
last_valid_uid: 39000
first_valid_gid: 100
last_valid_gid: 1000
mail_debug: yes
mbox_lock_timeout: 30
mail_executable(default): /opt/dovecot/libexec/dovecot/imap
mail_executable(imap): /opt/dovecot/libexec/dovecot/imap
mail_executable(pop3): /opt/dovecot/libexec/dovecot/pop3
mail_plugins(default): quota imap_quota acl imap_acl
mail_plugins(imap): quota imap_quota acl imap_acl
mail_plugins(pop3): quota
mail_plugin_dir(default): /opt/dovecot/lib/dovecot/imap
mail_plugin_dir(imap): /opt/dovecot/lib/dovecot/imap
mail_plugin_dir(pop3): /opt/dovecot/lib/dovecot/pop3
mail_log_prefix: %Us[%p]: user=%u, rip=%r: 
imap_client_workarounds(default): delay-newmail
imap_client_workarounds(imap): delay-newmail
imap_client_workarounds(pop3): 
pop3_reuse_xuidl(default): no
pop3_reuse_xuidl(imap): no
pop3_reuse_xuidl(pop3): yes
pop3_save_uidl(default): no
pop3_save_uidl(imap): no
pop3_save_uidl(pop3): yes
pop3_client_workarounds(default): 
pop3_client_workarounds(imap): 
pop3_client_workarounds(pop3): oe-ns-eoh
namespace:
  type: private
  separator: /
  location: maildir:~/Maildir:INDEX=/var/dovecot/%1u/%u/indexes:CONTROL=/var/dovecot/%1u/%u/control
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: shared
  separator: /
  prefix: shared/%%u/
  location: maildir:/home1/users/%%u/Maildir:INDEX=/var/dovecot/%1u/%u/shared/%%u/indexes:CONTROL=/var/dovecot/%1u/%u/shared/%%u/control
  list: children
lda:
  mail_plugins: quota
  mail_plugin_dir: /opt/dovecot/lib/dovecot/lda
  sendmail_path: /usr/sbin/sendmail
  auth_socket_path: /var/run/dovecot/auth-master
auth default:
  mechanisms: plain login
  cache_negative_ttl: 600
  executable: /opt/dovecot/libexec/dovecot/dovecot-auth
  username_format: %Lu
  count: 10
  worker_max_count: 1024
  passdb:
    driver: passwd-file
    args: /etc/dovecot.deny
    deny: yes
  passdb:
    driver: pam
    args: max_requests=100 dovecot
  userdb:
    driver: passwd
plugin:
  quota: fs
  acl: vfile:
  acl_shared_dict: proxy::acl_dict
dict:
  acl_dict: db:/var/lib/dovecot/acl_dict.db
~test2/Maildir/.t2_t4/dovecot-acl:
user=test4 ilrws
~test3/Maildir/.t3_t4/dovecot-acl:
user=test4 ilrws
db_dump -p /var/lib/dovecot/acl_dict.db:
VERSION=3
format=print
type=btree
db_pagesize=4096
HEADER=END
 shared/shared-boxes/user/test4/test2
 1
 shared/shared-boxes/user/test4/test3
 1
DATA=END
-- 
###########################################
# Wolfram Greinert                        #
# URZ der Uni Leipzig, Abteilung Netze    #
# 04109 Leipzig, Neumarkt 9-19            #
# Tel.: +(0341) 97-33325                  #
# email: greinert@rz.uni-leipzig.de       #
###########################################
On Mon, 2010-06-14 at 12:23 +0200, Wolfram Greinert wrote:
> acl_shared_dict: proxy::acl_dict
> dict:
>   acl_dict: db:/var/lib/dovecot/acl_dict.db
Your config looks ok, but Berkeley DB support is currently somewhat broken and might be causing your problem. Try with file backend instead:
acl_shared_dict = file:/var/lib/dovecot/acl_dict
On Mon, Jun 14, 2010 at 03:52:20PM +0100, Timo Sirainen wrote:
> On Mon, 2010-06-14 at 12:23 +0200, Wolfram Greinert wrote:
>> acl_shared_dict: proxy::acl_dict
>> dict:
>>   acl_dict: db:/var/lib/dovecot/acl_dict.db
> Your config looks ok, but Berkeley DB support is currently somewhat broken and might be causing your problem. Try with file backend instead:
this is a shame, I read the wiki and use Berkeley DB and now .... :-)
> acl_shared_dict = file:/var/lib/dovecot/acl_dict
I try this, no success :-(
chmod 0777 /var/lib/dovecot
touch /var/lib/dovecot/acl_dict
chown dovecot:dovecot /var/lib/dovecot/acl_dict
chmod 0666 /var/lib/dovecot/acl_dict
now user test2 says "setacl t2_t4 test4 lrwsi" and:
-rw------- 1 test2 users /var/lib/dovecot/acl_dict
okay, now I use sqlite, this works perfectly :-)
-- 
###########################################
# Wolfram Greinert                        #
# URZ der Uni Leipzig, Abteilung Netze    #
# 04109 Leipzig, Neumarkt 9-19            #
# Tel.: +(0341) 97-33325                  #
# email: greinert@rz.uni-leipzig.de       #
###########################################
On Tue, 2010-06-15 at 15:07 +0200, Wolfram Greinert wrote:
>> acl_shared_dict = file:/var/lib/dovecot/acl_dict
> I try this, no success :-(
> chmod 0777 /var/lib/dovecot
> touch /var/lib/dovecot/acl_dict
> chown dovecot:dovecot /var/lib/dovecot/acl_dict
You shouldn't create any files owned by dovecot user (even though it's 0666 permission here, it's still a bad habit :) http://wiki.dovecot.org/UserIds
> chmod 0666 /var/lib/dovecot/acl_dict
> now user test2 says "setacl t2_t4 test4 lrwsi" and:
> -rw------- 1 test2 users /var/lib/dovecot/acl_dict
I fixed this a few days ago: http://hg.dovecot.org/dovecot-1.2/rev/0b0cb71aea03
It should have logged an error. No one who has reported this bug has looked at their logs :(
On Tue, Jun 15, 2010 at 02:50:26PM +0100, Timo Sirainen wrote:
> On Tue, 2010-06-15 at 15:07 +0200, Wolfram Greinert wrote:
>>> acl_shared_dict = file:/var/lib/dovecot/acl_dict
>> I try this, no success :-(
>> chmod 0777 /var/lib/dovecot
>> touch /var/lib/dovecot/acl_dict
>> chown dovecot:dovecot /var/lib/dovecot/acl_dict
> You shouldn't create any files owned by dovecot user (even though it's 0666 permission here, it's still a bad habit :) http://wiki.dovecot.org/UserIds
okay, I try this also with other users (root, nobody, ...), the same result :-)
>> chmod 0666 /var/lib/dovecot/acl_dict
>> now user test2 says "setacl t2_t4 test4 lrwsi" and:
>> -rw------- 1 test2 users /var/lib/dovecot/acl_dict
> I fixed this a few days ago: http://hg.dovecot.org/dovecot-1.2/rev/0b0cb71aea03
it works!
> It should have logged an error. No one who has reported this bug has looked at their logs :(
I see logs like this:
setacl:
fchown(/var/lib/dovecot/acl_dict.lock, -1, 0) failed: Operation not permitted
getacl (after setacl from other user):
open(/var/lib/dovecot/acl_dict) failed: Permission denied
and I don't know whether this is a bug or a feature:
- file:/var/lib/dovecot/acl_dict only with virtual users (same uid for all)
- with real users and distinct uid use sqlite, mysql .... ( I hope also db in the future :-))
-- 
###########################################
# Wolfram Greinert                        #
# URZ der Uni Leipzig, Abteilung Netze    #
# 04109 Leipzig, Neumarkt 9-19            #
# Tel.: +(0341) 97-33325                  #
# email: greinert@rz.uni-leipzig.de       #
###########################################
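
Added example (not part of the original thread and not Dovecot's code): why the pre-created, chmod 0666 acl_dict ended up as -rw------- owned by the user who ran setacl. It assumes the file backend rewrites the dict by filling acl_dict.lock and renaming it over acl_dict, which the fchown log line on the .lock file suggests; rewrite_via_lockfile, keep_mode and demo are hypothetical names, and the mode-preserving branch shows one possible mitigation, not the change in the linked commit.

```python
import os
import stat
import tempfile

# Constructed sample content, modelled on the db_dump output in the thread.
SAMPLE = b"shared/shared-boxes/user/test4/test2\n1\n"


def rewrite_via_lockfile(path, data, keep_mode=False):
    """Rewrite path the dotlock way: fill path.lock, then rename it over path."""
    lock = path + ".lock"
    # The replacement file is created fresh and private to the writing user.
    fd = os.open(lock, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        if keep_mode and os.path.exists(path):
            # Carry the permission bits of the file being replaced over to the new one.
            os.fchmod(fd, stat.S_IMODE(os.stat(path).st_mode))
        os.write(fd, data)
    finally:
        os.close(fd)
    # Atomic replace: the old inode, with its owner and its chmod, is discarded.
    os.rename(lock, path)


def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Return the modes after admin setup, a plain rewrite, and a mode-preserving rewrite."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "acl_dict")  # stand-in for /var/lib/dovecot/acl_dict
        open(path, "wb").close()            # touch
        os.chmod(path, 0o666)               # chmod 0666, as in the thread
        before = mode_of(path)
        rewrite_via_lockfile(path, SAMPLE)  # what a setacl by another uid triggers
        plain = mode_of(path)
        os.chmod(path, 0o666)
        rewrite_via_lockfile(path, SAMPLE, keep_mode=True)
        kept = mode_of(path)
        return before, plain, kept


if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

The middle value is the state shown in the thread: after the first rewrite the file is 0600 and belongs to the writer, so every other uid gets "Permission denied" on open.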
participants (2)
- Timo Sirainen
- Wolfram Greinert