[Dovecot] Why dovecot does not want to read my acl file?
Lukas Haase
lukashaase at gmx.at
Wed Dec 16 08:56:23 EET 2009
Hi again,
I have some additional notes.
Lukas Haase wrote:
> Timo Sirainen wrote:
>> [...]
>>> ACL_GROUPS=`groups $USER | tr ' ' ','`
>>> export ACL_GROUPS
>>
>> I don't think ACL_GROUPS is supported by Dovecot v1.0.
I removed that part again and instead of using group=office I just
enumerate all possible users in the ACL file:
anyone
user=peter lrwstiek
user=user1 lrwstiek
user=user2 lrwstiek
user=user3 lrwstiek
user=user4 lrwstiek
> Further things I forgot:
>
> * In the homedirs the scenario is the same. The one user that has access
> to the files is the user peter itself and there I got no errors about
> reading the ACL files
> * Reading succeeds when I set the directory (.Office) to 755
> * For testing I wrote
> authenticated lrwstiek
> into the dovecot-acl which means that the problem can not depend on
> the ACL itself.
In the meantime I also tried something else: I added the user "dovecot"
to the "office" group:
# id dovecot
uid=107(dovecot) gid=106(dovecot) groups=51683(office),106(dovecot)
Now I can read the file too as user dovecot (su dovecot).
But I still get the message:
Dec 16 07:53:51 mail dovecot: IMAP(peter): acl vfile: no access to file
/var/mail/shared/.Office/dovecot-acl
> I just do not understand. The process runs as user peter and complains
> that it is unable to open the ACL file. But the file is definitively
> readable for user peter, as I checked with su. Also the error is gone
> when I set the directory to 755 ... that sounds really strange for me...
>> [...]
>> It's because at startup Dovecot executes imap mail_executable as
>> "dump-capability" user to find out what IMAP capabilities enabled
>> plugins add. In your script you should probably check that if
>> $USER=dump-capability, don't do anything special.
>
> Hmm, I do not fully understand. You can see my whole script in the OP
> ... there is not done anything special, isn't it?
Thank you, now I understand! The message is because that user does not
exist. When I add an if-clause it works.
Regards,
Luke
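
Added example, not part of the original post or of Dovecot: a mode-bit walk that reports which path component denies access for an explicit uid and group set, which helps when a file is readable under su but a running process still logs "no access to file". The helper names and the temporary tree standing in for /var/mail/shared/.Office/dovecot-acl are constructed for illustration.

```python
import os
import tempfile

def class_bits(st, uid, groups):
    """Return the rwx triplet the kernel applies: owner, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in groups:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_denied(path, uid, groups, base="/"):
    """Return the first component below `base` that blocks reading `path`, or None.

    `groups` must be the process's real group set (primary plus supplementary),
    not what /etc/group lists. Mode bits only: root, POSIX ACLs and
    capabilities are not modelled.
    """
    base = os.path.abspath(base)
    parts = os.path.relpath(os.path.abspath(path), base).split(os.sep)
    current = base
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        # Directories need search (x = 1); the final file needs read (r = 4).
        need = 4 if i == len(parts) - 1 else 1
        if not class_bits(os.stat(current), uid, groups) & need:
            return current
    return None

def build_sample_tree(dir_mode):
    """Constructed stand-in for /var/mail/shared/.Office/dovecot-acl."""
    base = tempfile.mkdtemp()
    office = os.path.join(base, ".Office")
    os.mkdir(office)
    acl = os.path.join(office, "dovecot-acl")
    with open(acl, "w") as f:
        f.write("authenticated lrwstiek\n")
    os.chmod(acl, 0o644)
    os.chmod(office, dir_mode)
    return base, office, acl

if __name__ == "__main__":
    base, office, acl = build_sample_tree(0o750)
    st = os.stat(office)
    other_uid = st.st_uid + 1  # hypothetical mail user who does not own the tree
    print(first_denied(acl, other_uid, {st.st_gid}, base))  # group set includes the owning group
    print(first_denied(acl, other_uid, set(), base))        # group set is empty
```

On Linux the group set a running process actually holds is the Groups line of /proc/<pid>/status; pass that set rather than the output of id for the account.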