[Dovecot] Dovecot public folders ACL
typus vulgaris
typus.vulgaris at gmail.com
Mon Aug 28 10:54:12 EEST 2006
Hi Jeff,

After I read this post from your namesake, I made it work!
http://dovecot.org/pipermail/dovecot/2006-August/015634.html

The main idea is that the dovecot-acl file in a public/shared folder is read
only by the owner!
To make it read by other users, you have to define a global vfile folder
in the ACL plugin.

I have defined it in dovecot.conf like this:

plugin {
  acl = vfile:/usr/local/etc/dovecot-acls
}

As I have the folder separator /, I have to create in
/usr/local/etc/dovecot-acls folders that are named like my public folders in
the location for public folders, like this:
/usr/local/etc/dovecot-acls/share/, as I have a public folder in
/home/user/public/.share/

In /home/user/public/.share/ I have created a dovecot-shared file, and in
/usr/local/etc/dovecot-acls/share/ I have created a .DEFAULT file which
contains the real ACL:

user=someuser lr

And it did the trick!

So I want to say that http://wiki.dovecot.org/ACL does not clearly
explain the process :(

Hope my post will help someone...

PS. Thanks to Jeff Horner for making it clear for me...

2006/8/28, Jeff Turner <jeff at atlassian.com>:
> After trying and failing to do the same thing, I'm also curious about
> this. Do ACLs simply not work with shared folders? If so, what's the
> point of ACLs? Only shared resources need access control in the first
> place.
>
>
> --Jeff
>
> On Thu, Aug 17, 2006 at 12:24:35PM +0300, typus vulgaris wrote:
> > Hi, all!
> >
> > I'm new to dovecot but trying to set up read-only public folders for
> > different user groups.
> >
> > My goal is to create several public folders such as sales, operation
> > etc. with per-user index.
> >
> > But I have a problem which I can't resolve with Google and Dovecot.Org.
> >
> > Now users can see and subscribe to the test folder "share", but I can't
> > block the ability to delete messages via ACL.
> >
> > Here are the file system permissions:
> >
> > public/.share ]> ls -la
> > total 12
> > drwxrwx--- 5 share mail 512 17 авг 12:17 .
> > drwxrwx--- 6 root mail 512 17 авг 11:04 ..
> > drwxrwx--- 2 share mail 512 17 авг 11:18 cur
> > -rwxrwx--- 1 root mail 21 17 авг 10:36 dovecot-acl
> > -rwxrwx--- 1 root mail 0 16 авг 17:56 dovecot-shared
> > drwxrwx--- 2 share mail 512 17 авг 11:17 new
> > drwxrwx--- 2 share mail 512 17 авг 11:17 tmp
> >
> > my dovecot-acl file:
> >
> > public/.share ]> cat dovecot-acl
> > owner lr
> > user=typ lr
> >
> > But user typ can delete messages. But the ACL seems to be working, because
> > if I remove the letter 'l' from typ's setting he cannot see the folder.
> >
> > Here is my config:
> > ----------8<------------
> > protocols = imap
> > ssl_disable = yes
> > disable_plaintext_auth = no
> > shutdown_clients = yes
> > log_path = /var/log/dovecot/sys.log
> > info_log_path = /var/log/dovecot/info.log
> > login_process_size = 64
> > verbose_proctitle = yes
> > first_valid_gid = 0
> > mail_extra_groups = mail
> > default_mail_env = mbox:/var/mail/%u:INDEX=/home/user/%u:INBOX=/var/mail/%u
> > namespace private {
> > separator = /
> > prefix =
> > location = maildir:/home/user/%u/.maildir
> > inbox = yes
> > }
> > namespace public {
> > separator = /
> > prefix = Public/
> > location = maildir:/home/user/public:CONTROL=/home/user/%u/public/control:INDEX=/home/user/%u/public/index
> > hidden = no
> > inbox = no
> > }
> > mbox_read_locks = fcntl
> > mbox_write_locks = dotlock fcntl
> > mbox_lock_timeout = 300
> > mbox_very_dirty_syncs = yes
> > umask = 0007
> > protocol imap {
> > listen = 192.168.101.1:143
> > mail_plugins = acl
> > imap_client_workarounds = delay-newmail outlook-idle
> > }
> >
> > protocol pop3 {
> > pop3_uidl_format = %08Xu%08Xv
> > pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> > }
> > auth default {
> > mechanisms = plain
> > passdb pam {
> > }
> > userdb passwd {
> > }
> > user = root
> > }
> > plugin {
> > }
> > -----------------8<--------------
> >
> >
> > --
> > typus
> > vulgaris
>
--
typus
vulgaris
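
An audit of the layout described in the message above, added here as an example (not code from the poster or from the Dovecot project). It assumes the marker file is named dovecot-shared, as in the quoted directory listing, that the per-folder global ACL file is named .DEFAULT, and that nested Maildir++ folders map to subdirectories; the function name and report format are made up for the example.

```shell
#!/bin/sh
# Added example: check that every public folder has a global ACL file
# and that no entry grants more than lookup (l) and read (r).
# Assumed mapping, taken from the post:
#   <public_root>/.share  ->  <acl_root>/share/.DEFAULT
# Assumption: a nested Maildir++ folder (.a.b) maps to a/b, since the
# namespace separator is "/".

# Prints one report line per finding:
#   OK <folder> | MISSING <folder> <path> | WRITABLE <folder> <id> <rights>
audit_public_acls() {
    public_root=$1
    acl_root=$2
    for dir in "$public_root"/.[!.]*; do
        # Only maildirs carrying the dovecot-shared marker are checked.
        [ -f "$dir/dovecot-shared" ] || continue
        name=$(basename "$dir" | sed 's/^\.//' | tr '.' '/')
        acl_file="$acl_root/$name/.DEFAULT"
        if [ ! -r "$acl_file" ]; then
            echo "MISSING $name $acl_file"
            continue
        fi
        status=OK
        # "|| [ -n "$id" ]" keeps a last line that has no trailing newline.
        while read -r id rights || [ -n "$id" ]; do
            # Skip blank lines and comments.
            case $id in ''|'#'*) continue ;; esac
            # Anything other than l and r breaks the read-only intent.
            case $rights in
                *[!lr]*) echo "WRITABLE $name $id $rights"; status=BAD ;;
            esac
        done < "$acl_file"
        if [ "$status" = OK ]; then
            echo "OK $name"
        fi
    done
    return 0
}

# Defaults are the paths used in the post; override with two arguments.
audit_public_acls "${1:-/home/user/public}" "${2:-/usr/local/etc/dovecot-acls}"
```

A MISSING line marks a shared folder that has no file under the global vfile directory.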