ACL for system users?
Aki Tuomi
aki.tuomi at dovecot.fi
Fri Apr 13 09:31:52 EEST 2018
Dovecot copies the permissions (mode and group) of the mail root directory when it creates directories and folders beneath it; the login-time UMASK in /etc/login.defs does not govern what Dovecot creates. So set the desired mode and setgid group on the Maildir root once (as your chmod g=u / g+s does) and everything Dovecot creates under it will inherit them.
Aki
On 12.04.2018 22:45, Rubén Fernández Asensio wrote:
>
> Hello all,
>
> I'm setting up an IMAP server with dovecot. I've set up system users
> with PAM authentication and Maildir mailboxes.
>
> I'd like to share mailboxes among them, but regardless of what I try,
> I bump into filesystem permissions.
>
> I want to have Maildirs created for new users with the right
> permissions. I even changed "UMASK" in file /etc/login.defs from 022
> to 002, but the Maildirs are still created with 700 permissions:
>
> ls -l /home/ximplet2/
> total 4
> drwx------ 9 ximplet2 users 4096 Apr 12 19:10 Maildir
>
> Really there's no better way than running "chmod -R g=u
> /home/ximplet2/Maildir" and "chmod g+s /home/ximplet2/Maildir" for
> every user? Really??
>
> I read that, before v2, Dovecot had a "umask" option to do precisely
> what I need, but it was removed.
>
> How are we supposed to use ACL with system users nowadays?
>
> Rubeno
>
> P.S: my doveconf -n:
>
> # 2.2.31 (65cde28): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.19 (e5c7051)
> # OS: Linux 4.4.0-119-generic x86_64 Ubuntu 16.04.4 LTS
> auth_mechanisms = plain login
> auth_verbose = yes
> # NOTE(review): this writes every submitted password to the auth log in
> # cleartext; keep it only for the duration of debugging and reset to "no".
> auth_verbose_passwords = plain
> mail_access_groups = kundividantoj
> mail_location = maildir:~/Maildir:LAYOUT=fs
> mail_plugins = acl
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart
> extracttext imapsieve vnd.dovecot.imapsieve
> namespace {
> list = yes
> location = maildir:%%h/Maildir:INDEXPVT=~/Maildir/Komunujo/%%n
> prefix = Komunujo/%%n/
> subscriptions = no
> type = shared
> }
> namespace inbox {
> inbox = yes
> location =
> mailbox Malnetujo {
> auto = subscribe
> comment = Mesaĝoj ne finitaj nek senditaj
> special_use = \Drafts
> }
> mailbox Rubujo {
> auto = subscribe
> autoexpunge = 120 days
> comment = Ĉi tien iras la forviŝitaj mesaĝoj
> special_use = \Trash
> }
> mailbox Senditujo {
> auto = subscribe
> special_use = \Sent
> }
> mailbox Spamujo {
> auto = create
> autoexpunge = 30 days
> comment = Mesaĝoj markitaj kiel ne deziritaj
> special_use = \Junk
> }
> prefix =
> subscriptions = yes
> type = private
> }
> passdb {
> driver = pam
> }
> plugin {
> acl = vfile
> acl_shared_dict = file:/var/lib/dovecot/kundividitaj/shared-mailboxes
> imapsieve_mailbox1_before =
> file:/etc/dovecot/sieve/imapsieve/report-spam.sieve
> imapsieve_mailbox1_causes = COPY FLAG
> imapsieve_mailbox1_name = Spamujo
> imapsieve_mailbox2_before =
> file:/etc/dovecot/sieve/imapsieve/report-ham.sieve
> imapsieve_mailbox2_causes = COPY
> imapsieve_mailbox2_from = Spamujo
> imapsieve_mailbox2_name = *
> sieve = file:~/sieve;active=~/.dovecot.sieve
> sieve_after = /etc/dovecot/sieve/final
> sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.debug
> sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.debug
> sieve_pipe_bin_dir = /usr/bin
> sieve_plugins = sieve_imapsieve sieve_extprograms
> }
> protocols = " imap lmtp sieve"
> service auth {
> unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
> }
> unix_listener auth-userdb {
> group =
> # NOTE(review): world-accessible userdb lookup socket (no user/group
> # restriction); if this host has untrusted local accounts, consider
> # limiting access to the processes that actually need lookups.
> mode = 0777
> user =
> }
> }
> ssl = required
> # NOTE(review): snakeoil is a self-signed placeholder; clients cannot
> # verify it, so replace it with a CA-issued certificate before exposing
> # this server to real users.
> ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
> ssl_key = # hidden, use -P to show it
> userdb {
> driver = passwd
> }
> protocol lda {
> mail_plugins = acl sieve
> }
> protocol imap {
> mail_plugins = acl imap_acl imap_sieve
>
> }
>