[Dovecot] Why dovecot does not want to read my acl file?
Timo Sirainen
tss at iki.fi
Thu Dec 17 06:00:53 EET 2009
On Thu, 2009-12-17 at 10:55 +0900, Lukas Haase wrote:
> > But anyway, the problem has to do with userdb not returning those UNIX
> > groups that you expect.
>
> Oh, ok I think there is a point which I do not understand. What has the
> userdb to do with UNIX rights? As far as I understood from the wiki
> there are two levels:
>
> * UNIX rights. The mailboxes need to just have the correct *UNIX*
> permission in order to access the files in the needed way (read or
> write). So IMO this could also be achieved with, say, POSIX ACLs (setfacl)
Right. The issue has to do with what UNIX rights Dovecot sets for the
process. In a previous mail you said you used:
> userdb:
> driver: ldap
> args: /etc/dovecot/dovecot-ldap.conf
The question is what fields does LDAP return? When you're using ldap,
Dovecot doesn't directly use /etc/group or NSS equivalent to figure out
what groups a user belongs to. If you want Dovecot to do that, you need
to return a system_user=<username> field from the userdb.
> So far I also do not understand what the userdb has to do with that. The
> userdb is just for *internal* users of the application (dovecot)
Exactly.
> and has
> nothing to do with the access system from the operating system or the
> system users/groups.
But you want Dovecot to interact with the operating system's users/groups,
so you need to tell Dovecot how to do that.
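The reply's point is that file access is decided by the groups the mail process actually holds, not by what /etc/group or NSS lists for the user. The following check is an added example, not part of the original message and not Dovecot code: it compares the group IDs in a Linux `/proc/<pid>/status` with the groups NSS assigns to a user. The user name `alice`, the GIDs, the sample status text and all function names are constructed for illustration.

```python
"""Find groups a user has in NSS but a running process does not hold."""

# Constructed /proc/<pid>/status excerpt for a mail process whose userdb
# returned only a uid and gid, so no supplementary groups were looked up.
SAMPLE_STATUS = "Name:\timap\nUid:\t5000\t5000\t5000\t5000\nGid:\t5000\t5000\t5000\t5000\nGroups:\t5000\n"

# Constructed group database: gid -> member names (the shape of /etc/group).
GROUP_DB = {5000: [], 6000: ["alice"], 6001: ["bob"]}


def process_gids(status_text):
    """GIDs the kernel checks for file access: fsgid plus supplementary groups."""
    gids = set()
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key == "Gid" and len(fields) >= 4:
            gids.add(int(fields[3]))  # order: real, effective, saved, filesystem
        elif key == "Groups":
            gids.update(int(f) for f in fields)
    return gids


def nss_gids(username, primary_gid, group_db):
    """GIDs NSS assigns: the primary gid plus every group listing the user."""
    gids = {primary_gid}
    gids.update(gid for gid, members in group_db.items() if username in members)
    return gids


def missing_gids(status_text, username, primary_gid, group_db):
    """Groups the user has in NSS that the process was not started with."""
    return nss_gids(username, primary_gid, group_db) - process_gids(status_text)


def live_check(pid, username):
    """Same comparison against a real process and the system's NSS databases."""
    import grp
    import pwd
    pw = pwd.getpwnam(username)
    group_db = {g.gr_gid: g.gr_mem for g in grp.getgrall()}
    with open(f"/proc/{pid}/status") as fh:
        return missing_gids(fh.read(), username, pw.pw_gid, group_db)


if __name__ == "__main__":
    print(sorted(missing_gids(SAMPLE_STATUS, "alice", 5000, GROUP_DB)))
```

A non-empty result means files readable only through those groups, such as a group-owned ACL file, stay inaccessible to the process even though `id alice` lists the group.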