How would I go, if I wanted ACL processing to start with %{auth_user} instead of %{user} when determining rights?
-- peter
On 05 Feb 2016, at 17:42, Peter Chiochetti pch@myzel.net wrote:
> How would I go, if I wanted ACL processing to start with %{auth_user} instead of %{user} when determining rights?

You could kludge it by returning master_user=%{auth_user} in userdb, but that might affect other things. But since this has been asked a few times, I finally implemented it in a bit cleaner way:
https://github.com/dovecot/core/commit/dd5683e19979085fdfe9f269876f2a91ea604...
So you can do:
plugin {
  acl_user = %{auth_user}
}
On 2016-02-08 at 11:50, Timo Sirainen wrote:
> On 05 Feb 2016, at 17:42, Peter Chiochetti pch@myzel.net wrote:
>> How would I go, if I wanted ACL processing to start with %{auth_user} instead of %{user} when determining rights?
> You could kludge it by returning master_user=%{auth_user} in userdb, but that might affect other things. […]
I tested the kludge: I put userdb_master_user=someone into the static passwd file for a certain auth_user and now global ACLs apply; as an extra bonus now userdb_acl_groups=somegroup starts to be applied too for that account!
Observations:
- my virtual users start with no rights
- I add rights in the global dovecot-acl file
- changes work immediately, no restart necessary
- only users with a master_user set are affected
- in the future a single stance in local.conf will apply to all users
I could not put master_user=%{auth_user} into the userdb stance (nor the passwd file), because the parser does not expand the variable, possibly a formatting error on my side: "doveadm -D acl debug -u myname INBOX" then prints:
Debug: Added userdb setting: plugin/master_user=auth_user}
After all, once more a happy dovecot user!
-- peter
participants (2)
- Peter Chiochetti
- Timo Sirainen