[Dovecot] Dovecot not handling r/o mailboxes completely, and problem with ACL as a workaround
mzukowski at urbacon.net
Tue May 8 21:36:24 EEST 2007
The shared mailbox and all its files and subdirectories are owned by the
'dovecot' user and by the 'domain users' group that all users belong to.
The ACL restrictions cause a reduction (i.e. more fine-grained
constraint) in privileges. In other words, at the system-file level,
everyone can read the directory/files, but at the ACL level, only
members of some particular list of groups should be able to read them.
And as I said, the user=<username> constraint seems to work fine, but
group=<groupname> does not. It looks like the group=<groupname>
constraint just never matches anyone. So I might have group=admins and
"joeblow" is in group admins, but Dovecot thinks that he isn't.
Adam McDougall wrote:
> What are the directory and file permissions of your shared folder,
> and do your <permissions> cause an increase or reduction of permissions
> compared to the dir and file permissions, or some of both?
> On Mon, May 07, 2007 at 02:47:40PM -0400, Matt Zukowski wrote:
> I would just add to this that simply putting a dovecot-acl file in a
> shared folder with "user=<username> <permissions>" does work just fine
> for us (without the complicated setup described below). Our problem is
> that group-based restrictions don't work at all (i.e. "group=<groupname>
> <permissions>", as described in the manual).
> I'm also trying to figure out what the force-group ACL identifier is
> supposed to mean.
> .... I gotta stop hitting "reply" for this list. I keep accidentally sending
> messages to the original authors rather than to the mailing list :)
This e-mail message is privileged, confidential and subject to copyright. Any unauthorized use or disclosure is prohibited.
Le contenu du pr'esent courriel est privil'egi'e, confidentiel et soumis `a des droits d'auteur. Il est interdit de l'utiliser ou de le divulguer sans autorisation.
More information about the dovecot