[Dovecot] Problems with acl and shared namespace
Udo Lembke
udo.lembke at albertbauer.com
Tue Jul 5 13:47:32 EEST 2011
Hi,
I'm answering myself to give a hint to other people who have a similar
problem (or, better said, a similar "non-experience" with Dovecot).
On 30.06.2011 12:01, Udo Lembke wrote:
> Hi,
> I'm a Dovecot newbie and also new to this mailing list.
> I'm trying to configure a mail server with dovecot2, postfix and
> postfixadmin. At this time I'm struggling with ACLs and the shared namespace.
> ...
By now I know a little bit more (it's always good to read the
docs).
I changed my layout to: private mailbox, private archive area and public
shared area (because of trouble seeing shared folders from other accounts).
The public shared area is symlinked below the archive area:
ls -lsa archiv/example.org/test4/
insgesamt 16
4 drwx------ 3 dovecot dovecot 4096 5. Jul 11:40 .
4 drwx------ 3 dovecot dovecot 4096 5. Jul 11:27 ..
4 drwx------ 2 dovecot dovecot 4096 5. Jul 11:27 archiv
4 -rw------- 1 dovecot dovecot 108 5. Jul 11:40 dovecot-acl-list
0 lrwxrwxrwx 1 root root 16 5. Jul 11:27 public -> /var/data/public
The problem is that the ACLs are not recognized - the ACL should forbid
access, but access is possible.
This shows the telnet IMAP session:
. list "" "*"
* LIST (\HasNoChildren) "/" "Drafts"
* LIST (\HasNoChildren) "/" "Spam"
* LIST (\HasNoChildren) "/" "Sent"
* LIST (\HasNoChildren) "/" "Trash"
* LIST (\HasNoChildren) "/" "INBOX"
* LIST (\Noselect \HasChildren) "/" "public"
* LIST (\Noselect \HasChildren) "/" "archiv/test4@example.org"
* LIST (\Noselect \HasChildren) "/" "archiv/test4@example.org/public"
* LIST (\Noselect \HasChildren) "/" "archiv/test4@example.org/public/kunde_2"
* LIST (\HasNoChildren) "/" "archiv/test4@example.org/public/kunde_2/Kundenmails"
* LIST (\Noselect \HasChildren) "/" "archiv/test4@example.org/public/kunde_3"
* LIST (\HasNoChildren) "/" "archiv/test4@example.org/public/kunde_3/Kundenmails"
* LIST (\Noselect \HasNoChildren) "/" "archiv/test4@example.org/archiv"
. OK List completed.
During the listing I got the error:
Jul 05 12:21:41 imap(test4@example.org): Debug: acl: No lookup right to mailbox: public/kunde_2
Jul 05 12:21:41 imap(test4@example.org): Debug: acl: No lookup right to mailbox: public/kunde_2/Kundenmails
Jul 05 12:21:41 imap(test4@example.org): Debug: acl: No lookup right to mailbox: public/kunde_3
Jul 05 12:21:41 imap(test4@example.org): Debug: acl: No lookup right to mailbox: public/kunde_3/Kundenmails
This is right, but why were the mailboxes shown (and also fully accessible)?
The acl-files:
cat public/dovecot-acl
#anyone lr
cat public/kunde_2/dovecot-acl
user=ulembke@example.org lrwstipeka
user=test3@example.org lrwstipeka
cat public/kunde_2/Kundenmails/dovecot-acl
user=test3@example.org akeilprwts
user=ulembke@example.org akeilprwts
cat public/kunde_3/dovecot-acl
user=ulembke@example.org lrwstipeka
user=test2@example.org lrwstipeka
anyone
The acl-entry in the config:
plugin {
acl = vfile
}
# To let users LIST mailboxes shared by other users, Dovecot needs a
# shared mailbox dictionary. For example:
plugin {
acl_shared_dict = file:/var/data/dovecot/shared-mailboxes/%u
}
I have read that acl_shared_dict with an SQL backend works better than
vfile. Does anybody use normal vfile for that?
The public-namespace:
namespace {
type = public
separator = /
prefix = "public/"
location = maildir:/var/data/public:INDEX=/var/data/indexes/public/%u:LAYOUT=fs
inbox = no
hidden = no
subscriptions = no
list = yes
}
The rest of the config should be the same as in the first post.
Any hint?
Best regards
Udo (perhaps I'll stick to Cyrus)
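
A defensive check for the symptom described in the post above, as an added example that is not part of the original message: it correlates the ACL plugin's "No lookup right" debug lines with the LIST reply and reports listed names that still expose a denied mailbox. The function names and the suffix-match rule (a listed path ending in a denied mailbox name is treated as an alias of it, as with the `public` symlink shown in the post) are assumptions.

```python
import re

# Constructed input: debug log and LIST reply from the post above, abridged,
# with mail-wrapped lines rejoined and the archive's " at " restored to "@".
LOG = r"""
Jul 05 12:21:41 imap(test4@example.org): Debug: acl: No lookup right to mailbox: public/kunde_2
Jul 05 12:21:41 imap(test4@example.org): Debug: acl: No lookup right to mailbox: public/kunde_2/Kundenmails
Jul 05 12:21:41 imap(test4@example.org): Debug: acl: No lookup right to mailbox: public/kunde_3
Jul 05 12:21:41 imap(test4@example.org): Debug: acl: No lookup right to mailbox: public/kunde_3/Kundenmails
"""
LIST_REPLY = r"""
* LIST (\HasNoChildren) "/" "INBOX"
* LIST (\Noselect \HasChildren) "/" "public"
* LIST (\Noselect \HasChildren) "/" "archiv/test4@example.org/public"
* LIST (\Noselect \HasChildren) "/" "archiv/test4@example.org/public/kunde_2"
* LIST (\HasNoChildren) "/" "archiv/test4@example.org/public/kunde_2/Kundenmails"
* LIST (\Noselect \HasChildren) "/" "archiv/test4@example.org/public/kunde_3"
* LIST (\HasNoChildren) "/" "archiv/test4@example.org/public/kunde_3/Kundenmails"
* LIST (\Noselect \HasNoChildren) "/" "archiv/test4@example.org/archiv"
"""

DENY_RE = re.compile(r"imap\(([^)]+)\): Debug: acl: No lookup right to mailbox: (.+)$")
LIST_RE = re.compile(r'^\* LIST \(([^)]*)\) "([^"]*)" "([^"]*)"$')

def denied_mailboxes(log, user):
    """Mailboxes for which the ACL plugin logged a lookup denial for `user`."""
    hits = (DENY_RE.search(line) for line in log.splitlines())
    return {m.group(2).strip() for m in hits if m and m.group(1) == user}

def exposed_despite_acl(log, list_reply, user):
    """Return (listed_name, denied_mailbox, selectable) for every LIST entry that
    is a denied mailbox or reaches one through a longer path (suffix match)."""
    denied = denied_mailboxes(log, user)
    findings = []
    for line in list_reply.splitlines():
        m = LIST_RE.match(line.strip())
        if not m:
            continue
        flags, sep, name = m.groups()
        for mbox in sorted(denied):
            if name == mbox or name.endswith(sep + mbox):
                selectable = r"\Noselect" not in flags.split()
                findings.append((name, mbox, selectable))
    return findings

if __name__ == "__main__":
    for name, mbox, selectable in exposed_despite_acl(LOG, LIST_REPLY, "test4@example.org"):
        print(f"{name!r} exposes {mbox!r} (selectable={selectable})")
```

Entries reported with `selectable=True` are the ones a client can open directly, so they are the first to verify by hand.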