From the wiki:
ACL groups support works by returning a comma-separated acl_groups extra field http://wiki2.dovecot.org/UserDatabase/ExtraFields from userdb, which contains all the groups the user belongs to. User's UNIX groups have no effect on ACLs (you can "enable" them by using a special post-login script http://wiki2.dovecot.org/PostLoginScripting).
I've read that over several times - I still don't understand that. Are "ACL Groups" defined and managed by Dovecot - and described somewhere else in the docs - or are they UNIX groups that previously had no effect on mail access but by being listed in the "acl_groups" field they now have relevance?
Daniel
On 6/14/2011 2:18 PM, Daniel L. Miller wrote:
From the wiki:
ACL groups support works by returning a comma-separated acl_groups extra field http://wiki2.dovecot.org/UserDatabase/ExtraFields from userdb, which contains all the groups the user belongs to. User's UNIX groups have no effect on ACLs (you can "enable" them by using a special post-login script http://wiki2.dovecot.org/PostLoginScripting).
I've read that over several times - I still don't understand that. Are "ACL Groups" defined and managed by Dovecot - and described somewhere else in the docs - or are they UNIX groups that previously had no effect on mail access but by being listed in the "acl_groups" field they now have relevance?
That is a bit confusing. What it is trying to say: For one, you have acl_groups. For two, you have UNIX groups. They are not related at all. If you want them to be related, you can use a special post-login script.
On 6/15/2011 10:42 PM, Willie Gillespie wrote:
On 6/14/2011 2:18 PM, Daniel L. Miller wrote:
From the wiki:
ACL groups support works by returning a comma-separated acl_groups extra field http://wiki2.dovecot.org/UserDatabase/ExtraFields from userdb, which contains all the groups the user belongs to. User's UNIX groups have no effect on ACLs (you can "enable" them by using a special post-login script http://wiki2.dovecot.org/PostLoginScripting).
I've read that over several times - I still don't understand that. Are "ACL Groups" defined and managed by Dovecot - and described somewhere else in the docs - or are they UNIX groups that previously had no effect on mail access but by being listed in the "acl_groups" field they now have relevance?
That is a bit confusing. What it is trying to say: For one, you have acl_groups. For two, you have UNIX groups. They are not related at all. If you want them to be related, you can use a special post-login script.
Ok - so where are acl_groups, and their access, defined?
Daniel
Ok - so where are acl_groups, and their access, defined?
Daniel
The permissions are set in the 'dovecot-acl' files:
$ cat dovecot-acl
anyone lr
authenticated lrws
group=PublicMailboxAdmins lrwsik
You assign the groups to a particular user per UserDB Extra Fields:
userdb_acl_groups=PublicMailboxAdmins
Thomas
On 6/17/2011 1:28 AM, Thomas Leuxner wrote:
Ok - so where are acl_groups, and their access, defined?
Daniel
The permissions are set in the 'dovecot-acl' files:
$ cat dovecot-acl
anyone lr
authenticated lrws
group=PublicMailboxAdmins lrwsik
You assign the groups to a particular user per UserDB Extra Fields:
userdb_acl_groups=PublicMailboxAdmins
So there is no defined list of valid groups - arbitrary names are simply
listed in the acl_groups parameter, and are then used in the acl files.
If they're in either one of the acl_groups or acl file(s), and not in
the other, there's no error - they just don't do anything. Right?
-- Daniel
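The thread describes group names appearing in two places, the acl_groups value from userdb and the group= entries in dovecot-acl files. The following is an added example, not code from the thread or from Dovecot, that cross-checks the two and reports names found on only one side. It assumes one `<identifier> <rights>` entry per line with group names that contain no spaces, and models userdb as a dictionary of hypothetical users; all sample data is constructed.

```python
# Added example, not Dovecot code: cross-check group names used in
# dovecot-acl files against acl_groups values returned by userdb.
# All sample data below is constructed for illustration.

def parse_acl_groups(value):
    """Split a comma-separated acl_groups value into a set of names."""
    return {g.strip() for g in value.split(",") if g.strip()}

def acl_file_groups(text):
    """Map each group= identifier in a dovecot-acl file to its rights.
    Assumes one '<identifier> <rights>' entry per line, names without spaces."""
    groups = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].startswith("group="):
            groups[fields[0][len("group="):]] = fields[1]
    return groups

def cross_check(acl_text, userdb):
    """Return names seen on only one side, plus pairs differing only by case."""
    in_acl = set(acl_file_groups(acl_text))
    assigned = set()
    for value in userdb.values():
        assigned |= parse_acl_groups(value)
    only_acl, only_userdb = in_acl - assigned, assigned - in_acl
    # Case-only differences are reported for review as likely typos.
    near = sorted((x, y) for x in only_acl | only_userdb
                  for y in in_acl | assigned
                  if x != y and x.lower() == y.lower())
    return sorted(only_acl), sorted(only_userdb), near

SAMPLE_ACL = """\
anyone lr
authenticated lrws
group=PublicMailboxAdmins lrwsik
group=Auditors lr
"""

# Hypothetical users; values are what userdb would return as acl_groups.
SAMPLE_USERDB = {
    "alice": "PublicMailboxAdmins",
    "bob": "publicmailboxadmins, Helpdesk",
    "carol": "",
}

if __name__ == "__main__":
    only_acl, only_userdb, near = cross_check(SAMPLE_ACL, SAMPLE_USERDB)
    print("in dovecot-acl, assigned to nobody:", only_acl)
    print("assigned in userdb, in no dovecot-acl:", only_userdb)
    print("differ only by case:", near)
```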