Am 2016-02-08 um 11:50 schrieb Timo Sirainen:
On 05 Feb 2016, at 17:42, Peter Chiochetti <p...@myzel.net> wrote:

How would I go, If I wanted ACL processing to start with
%{auth_user} instead of %{user} when determining rights?

You could kludge it by returning master_user=%{auth_user} in userdb,
but that might affect other things..
[…]

I tested the kludge: I put userdb_master_user=someone into the static passwd file for a certain auth_user and now global ACLs apply; as an extra bonus now userdb_acl_groups=somegroup starts to be applied too for that account!

Observations:
- my virtual users start with no rights
- I add rights in the global dovecot-acl file
- changes work immediately, no restart necessary
- only users with a master_user set are affected
- in the future a single stance in local.conf will apply to all users

I could not put master_user=%{auth_user} into the userdb stance (nor the passwd file), because the parser does not expand the variable, possibly a formatting error on my side: "doveadm -D acl debug -u myname INBOX" then prints:
Debug: Added userdb setting: plugin/master_user=auth_user}

After all, once more
A happy dovecot user!

--
peter

Reply via email to