[Dovecot] restricting shared folders access
Timo Sirainen
tss at iki.fi
Tue Aug 12 21:36:24 EEST 2008
On Aug 12, 2008, at 6:07 AM, Andrew Von Cid wrote:
> I have a dovecot setup with virtual users and a passwd-file passdb.
> All users have the same uid and gid. Recently I got my public
> folders working using namespaces and they work great. However, now
> I'm trying to share a folder between a limited number of users and
> so far I failed to get it working. Symlinks aren't an option
> because users need to be able to create subfolders of the shared
> folder so I'm trying to do it with namespaces but I'm not sure how
> to restrict access to a limited number of users.
>
> I tried doing it with groups. I made sure that the shared folder's
> group is set to 'staff' and the mode is 070, I also changed the
> group of a few virtual users to 'staff'. However, when I try
> accessing the shared folder I get a permission denied error
> (although the user is in the staff group).

How exactly are you changing virtual users' groups? You said you're
using a single UID and GID, so from the OS point of view there's only
a single user.

> Can someone please recommend the best way to do this? Should I look
> into ACLs?

Either that or use a different UID for all users (or the staff users).
With ACLs you could create a dovecot-acl file with either:

a) Listing all the users who have access to it and their permissions
b) List the staff group's access, and have your userdb return the
   acl_groups=staff extra field for the staff users. This will work only
   with v1.1.
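
An added example, not part of the original message and not Dovecot's own code: a small audit script that shows which dovecot-acl entries apply to each user under option (a) and option (b). The user names, rights strings and the `USERDB` dictionary are constructed samples, and the matching is a simplified model that only handles `user=` and `group=` identifiers.

```python
# Added example (simplified): lists matching entries only; it does not
# reproduce Dovecot's own merging of rights.
# Constructed sample, option (a): one user= line per person.
ACL_PER_USER = "user=alice lrwstipek\nuser=bob lr\n"
# Constructed sample, option (b): one group= line for the staff group.
ACL_GROUP = "group=staff lrwstipek\n"
# Constructed sample of the acl_groups extra field returned by the userdb.
# carol has no acl_groups, so a group=staff entry never matches her.
USERDB = {
    "alice": {"acl_groups": "staff"},
    "bob": {"acl_groups": "staff,sales"},
    "carol": {},
}

def parse_acl(text):
    """Return (identifier, rights) pairs from dovecot-acl file content."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ident, _, rest = line.partition(" ")
        # Letter rights come before an optional ":named rights" part.
        entries.append((ident, rest.split(":", 1)[0].strip()))
    return entries

def matching_entries(user, userdb, entries):
    """Entries whose identifier applies to this user (user= or group=)."""
    fields = userdb.get(user, {})
    groups = {g for g in fields.get("acl_groups", "").split(",") if g}
    hits = []
    for ident, rights in entries:
        kind, _, name = ident.partition("=")
        if (kind == "user" and name == user) or (kind == "group" and name in groups):
            hits.append((ident, rights))
    return hits

def audit(userdb, acl_text):
    """Map every userdb user to the ACL entries that apply to them."""
    entries = parse_acl(acl_text)
    return {u: matching_entries(u, userdb, entries) for u in sorted(userdb)}

if __name__ == "__main__":
    for label, acl in (("per-user", ACL_PER_USER), ("group", ACL_GROUP)):
        print(label, audit(USERDB, acl))
```

With the group file, a user whose userdb entry lacks `acl_groups=staff` matches no entry at all, which is the case to check for when access is unexpectedly denied or granted.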