[Dovecot] Login into other user's account // master user for non-master users // chroot to users.<user>

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Fri Oct 18 11:31:20 EEST 2013


Currently some of our organizational roles use shared secrets (aka the
password) to access the mail account of an organizational role, say
"sales" for example. For one, I don't like shared secrets; for another,
there had been some changes to shared mailboxes, and I can only say "user
sales has deleted the message at such and such a time". Therefore I would
like to access the mailboxes of organizational roles with the accounts of
the humans performing the role currently.

Using sharing and ACLs it is possible to map the mailboxes of "sales" to 
"users.sales" namespace for specific other users, actually the human ones, 
say userA and userB for example.

However, userB does not like managing identities in their MUA and refuses
to acknowledge the messages in users.sales for various reasons. One reason
was that userB wants to strictly and visibly separate the two mail
accounts, the private messages in "userB" and the role's ones in "sales".

Now, I came to think that it would be good in such a case if userB
could authenticate as, say, "sales*userB" - much like a master user - and
end up in "sales"'s home, but with the access permissions of "userB", well,
like a chroot.


Would it be an interesting feature to add to Dovecot's core?


If I simulate "sales*userB" with the password of userB and let the userdb
return the home of sales, userB would gain "owner" privileges of sales
implicitly. So there seems to be no workaround.

Kind regards,

-- 
Steffen Kaiser

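A small model of the two behaviours contrasted in the message above, added here as an illustration; it is not code from the post or from Dovecot. It compares the userdb workaround (role's home, implicit owner rights) with the requested behaviour (role's home, ACL and audit trail bound to the human). The home paths, ACL entries and all function names are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: per-user homes and the ACL on the role mailbox.
# Right letters follow RFC 4314 (l=lookup, r=read, s=seen, t=delete flag,
# e=expunge, a=administer).
HOMES = {"sales": "/var/vmail/sales", "userB": "/var/vmail/userB"}
ROLE_ACL = {"sales": {"userA": set("lrste"), "userB": set("lrs")}}
OWNER_RIGHTS = set("lrwstipekxa")

@dataclass
class Session:
    home: str          # mail location the session is rooted in
    acl_identity: str  # identity the ACL check is evaluated against
    audit_actor: str   # name written to the audit trail

def parse_login(login, sep="*"):
    """Split 'role*human' into (role, human); plain logins have no role."""
    role, found, human = login.partition(sep)
    if not found:
        return None, login
    if not role or not human or sep in human:
        raise ValueError("malformed delegated login")
    return role, human

def naive_session(login):
    """Workaround from the post: userdb simply returns the role's home."""
    role, _human = parse_login(login)
    return Session(HOMES[role], role, role)   # the session *is* the owner

def delegated_session(login):
    """Requested behaviour: role's home, human's identity for ACL and audit."""
    role, human = parse_login(login)
    if human not in ROLE_ACL.get(role, {}):
        raise PermissionError(f"{human} holds no rights on {role}")
    return Session(HOMES[role], human, human)

def rights(session, role):
    """Owner gets everything; anyone else gets only their ACL entry."""
    if session.acl_identity == role:
        return OWNER_RIGHTS
    return ROLE_ACL[role].get(session.acl_identity, set())

def expunge(session, role, uid):
    """Return the audit line, or refuse when the 'e' right is missing."""
    if "e" not in rights(session, role):
        raise PermissionError(f"{session.audit_actor} may not expunge in {role}")
    return f"user {session.audit_actor} expunged uid {uid} in {role}"
```

In the naive session the audit line names "sales" and every right is granted; in the delegated session the same login lands in the same home but is limited to userB's ACL entry and is logged under userB.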
