[Dovecot] Why dovecot does not want to read my acl file?

Lukas Haase lukashaase at gmx.at
Thu Dec 17 03:55:51 EET 2009


Hello,

Timo Sirainen wrote:
> On Wed, 2009-12-16 at 14:36 -0500, Timo Sirainen wrote:
> 
>>> drwxrwx--- 5 root office 4096 Dec 15 15:53 .Office
>> Why are your files and directories owned by root, instead of peter?
> 
> Oh right, kind of stupid question. I already forgot we were talking
> about shared mailboxes. :)
> 
> But anyway, the problem has to do with userdb not returning those UNIX
> groups that you expect.

Oh, ok I think there is a point which I do not understand. What has the 
userdb to do with UNIX rights? As far as I understood from the wiki 
there are two levels:

* UNIX rights. The mailboxes need to just have the correct *UNIX* 
permission in order to access the files in the needed way (read or 
write). So IMO this could also be achieved with, say, POSIX ACLs (setfacl)

* Internal access system based on the ACLs plugin. I disabled this part 
temporarily.

I have been working with UNIX systems for over 10 years now and until now I 
always debugged permission errors that way. It is the first time that "a 
user belongs to a group but does not belong to the group" ... what I 
want to say with that: A user belongs to a group or not, that is part of 
the operating system and must not be different across different 
applications, must it? That must be the same over the whole operating 
system and until now, this was always the case.

So far I also do not understand what the userdb has to do with that. The 
userdb is just for *internal* users of the application (dovecot) and has 
nothing to do with the access system from the operating system or the 
system users/groups.

 > Perhaps you should just set:
 >
 > mail_access_groups = office

In fact I do not want to do this because the plan is to have an 
arbitrary amount of groups on the system with different members, 
permissions and folders.

Regards,
Luke


