doveadm acl set negative rights not supported?
Hi all,
I'm trying to set an ACL with negative rights. I have no problems setting it with standard IMAP commands, but I'm unable to do it with the doveadm acl command.
I tried:
sudo -u vmail doveadm acl set -u "user@domain" Spam user="-user@domain" lookup (notice the "-" before the username)
Unfortunately, this adds a (positive) ACL for the user named "-user@domain" instead of adding a negative one for the user "user@domain".
Am I messing up something or is negative ACL support missing from doveadm? I have not seen anything in the docs about this...
Regards,
Peter
Hi all,
Although noone answered, I figured out how to set negative rights via doveadm. You should not prefix the username with '-' (as you should do in a normal IMAP setacl command). Instead you should specify the *rights* starting with a '-'. There are two problems with this:
The '-username' version runs smoothly and does not throw any errors. However, it does *not* set negative rights. It adds a useless entry for a user named '-username'
If you try to specify the rights with a '-', such as '-writeseen', doveadm throws an error like this: set: invalid option -- 'w'
So the solution is to add '--' to the command line signaling the end of the options:
sudo -u vmail doveadm acl set -u user@domain -- "Spam" user=user@domain -write-seen
Regards,
Peter
Peter Benko <pbopbo@freemail.hu> írta:
Hi all,
I'm trying to set an ACL with negative rights. I have no problems setting it with standard IMAP commands, but I'm unable to do it with the doveadm acl command.
I tried:
sudo -u vmail doveadm acl set -u "user@domain" Spam user="-user@domain" lookup (notice the "-" before the username)
Unfortunately, this adds a (positive) ACL for the user named "-user@domain" instead of adding a negative one for the user "user@domain".
Am I messing up something or is negative ACL support missing from doveadm? I have not seen anything in the docs about this...
Regards,
Peter
On Tue, Dec 20, 2016, at 09:20 AM, Peter Benko wrote:
Hi all,
Although noone answered, I figured out how to set negative rights via doveadm. You should not prefix the username with '-' (as you should do in a normal IMAP setacl command). Instead you should specify the *rights* starting with a '-'. There are two problems with this:
The '-username' version runs smoothly and does not throw any errors. However, it does *not* set negative rights. It adds a useless entry for a user named '-username'
If you try to specify the rights with a '-', such as '-writeseen', doveadm throws an error like this: set: invalid option -- 'w'
So the solution is to add '--' to the command line signaling the end of the options:
sudo -u vmail doveadm acl set -u user@domain -- "Spam" user=user@domain -write-seen
Thanks for sharing the solution you found.
V/r, James Cassell
participants (2)
-
James Cassell
-
Peter Benko