[Dovecot] master user and ACL's
Timo Sirainen
tss at iki.fi
Thu Feb 13 03:40:46 UTC 2014
On 9.2.2014, at 17.36, Peter Mogensen <apm at one.com> wrote:
> Quick question...I read in the docs that:
> "Master user is still subject to ACLs just like any other user, which means that by default the master user has no access to any mailboxes of the user."
> ... and that the standard workaround is to return master_user=%u from the userdb.
>
> But why is the master_user authn-id used in the ACLs and not the authz-id (requested-login-user) ?
>
> Isn't the whole point of SASL authz-id semantics to have authorization resolved based on the authz-id?
Some people are using master user logins to do other types of things, such as allowing voicemail software to access only the Voicemail folder of everyone. Or spam software access only to the Spam folder. Or an alternative read-only username+password for all users that can access the same user's mails only read-only.
More information about the dovecot
mailing list