[Dovecot] Acl, Namespace, User Confusion
Jim Horner
jhorner at arinbe.com
Sat Aug 19 20:48:03 EEST 2006
> namespace public {
> separator = .
> prefix = COMPANY.
> users = someuser @somegroup
> location = maildir:/home/services/mail/arinbe.com/company/Maildir:CONTROL=%h/shared-settings/company/control:INDEX=%h/shared-settings/rootmail/index
> hidden = no
> }
Just to close this out (can be read as "hopefully help someone else" or "I
like to hear myself talk")...
After spending a few days beating my head against a wall, I finally got this
to work...
I had to read and re-read
http://www.dovecot.org/list/dovecot/2006-June/013683.html. A dovecot-acl file
is not read from the namespace. So for namespace folders I had to use the
global vfile:/etc/dovecot-acl folder to create permissions. A dovecot-acl
file in one of the shared folders trumps the permissions from global vfile:.
The peculiar feature piece is that because namespace folders are not read it
doesn't matter for the virtual user. In other words, if I have a user named
company and share its folders, only the company user will read the
dovecot-acl in its folders. Other users accessing that folder as a shared
resource will read the global vfile: acl files. This feature worked out great
for me.
Using the acl plug-in will "turn off" public namespaces until acl files are
put into place. This was hard to understand at first.
Separating things or locking folders down with Unix group permissions is
pretty much futile. I had to put all my users in all my hosted domains in the
same group and open the shared folders permissions to 770 (or 660).
All in all, I am happy with the result.
Thanks,
Jim
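
The lookup behaviour described in the message above, turned into a small audit of a shared Maildir. This is an added example, not part of the original post and not Dovecot code. It assumes the global ACL directory holds one file per mailbox name, namespace prefix included. The function names, folder names and sample tree are constructed.

```python
import os
import stat
import tempfile


def audit_shared_maildir(maildir_root, global_acl_dir, prefix):
    """For each Maildir++ folder, report which ACL file applies to whom."""
    findings = {}
    for entry in sorted(os.listdir(maildir_root)):
        path = os.path.join(maildir_root, entry)
        # Maildir++ keeps subfolders as dot-prefixed directories under the root.
        if not (entry.startswith(".") and os.path.isdir(path)):
            continue
        mailbox = prefix + entry[1:]
        # ASSUMPTION: the global ACL directory holds one file per mailbox name.
        has_global = os.path.isfile(os.path.join(global_acl_dir, mailbox))
        has_local = os.path.isfile(os.path.join(path, "dovecot-acl"))
        mode = stat.S_IMODE(os.stat(path).st_mode)
        findings[mailbox] = {
            # Owner: the folder's own dovecot-acl wins over the global file.
            "owner_acl": "local" if has_local else "global" if has_global else None,
            # Namespace users: only the global file is consulted.
            "shared_acl": "global" if has_global else None,
            # The post opens folders to 770; any "other" bit goes beyond that.
            "world_bits": bool(mode & 0o007),
        }
    return findings


def build_sample_tree():
    """Constructed sample: three shared folders with different ACL coverage."""
    base = tempfile.mkdtemp()
    maildir = os.path.join(base, "Maildir")
    acl_dir = os.path.join(base, "dovecot-acl")
    os.makedirs(maildir)
    os.makedirs(acl_dir)
    layout = {"Projects": (True, True, 0o770),   # local + global ACL
              "Payroll": (True, False, 0o770),   # local ACL only
              "Archive": (False, True, 0o775)}   # global only, world-readable
    for name, (local, glob, mode) in layout.items():
        folder = os.path.join(maildir, "." + name)
        os.makedirs(folder)
        if local:
            open(os.path.join(folder, "dovecot-acl"), "w").close()
        if glob:
            open(os.path.join(acl_dir, "COMPANY." + name), "w").close()
        os.chmod(folder, mode)
    return maildir, acl_dir


if __name__ == "__main__":
    for mailbox, info in audit_shared_maildir(*build_sample_tree(), "COMPANY.").items():
        print(mailbox, info)
```

A folder whose `shared_acl` is `None` has no global ACL file, so under the behaviour the post describes it stays hidden from users who reach it through the namespace.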