Re: [Dovecot] Dovecot v1.2 ACL shared-boxes users in SQL, how to remove entries?
Robert Schetterer schrieb: > Steffen Kaiser schrieb: >> Hello, >> >> I noticed that entries added to the ACL dict are not removed, when an >> user no longer has explicit ACLs to another user, e.g.: >> >> [at the beginning no ACLs for "user"] >> 1 login testuser pwd >> 2 setacl INBOX user lp >> 3 deleteacl INBOX user >> >> Although "user" has no ACLs of mailfolders of "testuser", the >> user-testuser relation is still in the DB and upon login of user the >> ACLs in user's Maildir is consulted. >> >> Bye, >> >> -- Steffen Kaiser > > Hi Steffen, did you use a setup like described by example > acl sql > > http://wiki.dovecot.org/SharedMailboxes/Shared > > with mysql? > > this is what i will need > but couldnt found any time yet to test it > just for complete, i tested acl setup with mysql and after a few tests it looks like it works as described in the example wiki without any special modify for mysql ,too -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: [Dovecot] Dovecot v1.2 ACL shared-boxes users in SQL, how to remove entries?
On Thu, 2009-06-25 at 15:40 +0200, Steffen Kaiser wrote: > I noticed that entries added to the ACL dict are not removed, when an user > no longer has explicit ACLs to another user, e.g.: > > [at the beginning no ACLs for "user"] > 1 login testuser pwd > 2 setacl INBOX user lp > 3 deleteacl INBOX user > > Although "user" has no ACLs of mailfolders of "testuser", the > user-testuser relation is still in the DB and upon login of user the ACLs > in user's Maildir is consulted. Well, yeah, looks like it's not too easy to detect in the code. I think I won't fix it before v1.2.0. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Dovecot v1.2 ACL shared-boxes users in SQL, how to remove entries?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 26 Jun 2009, Robert Schetterer wrote: Hallo Robert, Hi Steffen, did you use a setup like described by example acl sql http://wiki.dovecot.org/SharedMailboxes/Shared with mysql? this is what i will need but couldnt found any time yet to test it I added the example with pgsql today :) I found exactly one reference to dict::proxy on the list and thought it's worth putting into Wiki, in order I can find it again. Yes, I do, but I get mad over my system users. The ACL work on IMAP-side, but they are not mapped correctly to Unix-side (aka file permissions). Timo mentioned this somewhen on the list. I created accounts in the same group, this works like charm. Thunderbird (well, an elder one) is a bit slow to find deeply nested shared folders for the first time, but that's normal. That's why I am looking into a "acl_change_notify" feature for Dovecot. I think, I found something for read and write IMAP ACLs, but "a"dmin ACL won't work 100%. Well, it makes me think to change to virtual users. The extra security with system users comes from a traditional setup, which no longer applies. Bye, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSkTNX3WSIuGy1ktrAQJ3hAgAgDRps/G5Hu3cFpvO8OIkOwiceWmTxCYG Zuw25Yyz1cwNj28zIJ3O6iMn8UOr4SZDp54QhJzCatTzqpMFJW7XZI5BwxzJvQcm ONcC+qUgtdYPm2GzAQwnTQTXj4QApW1CNLaf0keY3yawEOLVnoKhrdCOxVH6g1eR w7RsVEb3bIW0I2cwlkKeV97Ts59xOuyVDpEN+FHAKquecJyd9eXy0M0SRFVYB++l lKjIpWzFEVFntlXO3iAwAkRhFbSHAlXmnC4XAyzaz0QalIRvhHWBx4P8tERt0EpC aGoA2wnNSPywxPkxwg3OkpglgtEfFKgriKG74FpGfWsj3VDj96/q7A== =XQLp -END PGP SIGNATURE-
Re: [Dovecot] Dovecot v1.2 ACL shared-boxes users in SQL, how to remove entries?
Steffen Kaiser schrieb: > Hello, > > I noticed that entries added to the ACL dict are not removed, when an > user no longer has explicit ACLs to another user, e.g.: > > [at the beginning no ACLs for "user"] > 1 login testuser pwd > 2 setacl INBOX user lp > 3 deleteacl INBOX user > > Although "user" has no ACLs of mailfolders of "testuser", the > user-testuser relation is still in the DB and upon login of user the > ACLs in user's Maildir is consulted. > > Bye, > > -- Steffen Kaiser Hi Steffen, did you use a setup like described by example acl sql http://wiki.dovecot.org/SharedMailboxes/Shared with mysql? this is what i will need but couldnt found any time yet to test it -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: [Dovecot] Dovecot v1.2 ACL shared-boxes users in SQL, how to remove entries?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 25 Jun 2009, Steffen Kaiser wrote: I noticed that entries added to the ACL dict are not removed, when an user no longer has explicit ACLs to another user, e.g.: [at the beginning no ACLs for "user"] 1 login testuser pwd 2 setacl INBOX user lp 3 deleteacl INBOX user Although "user" has no ACLs of mailfolders of "testuser", the user-testuser relation is still in the DB and upon login of user the ACLs in user's Maildir is consulted. Can/should remove Dovecot the dict entry, if "user" logins and Dovecot detects that there are no ACLs on mailfolders of "testuser" for "user"? Bye, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSkOr53WSIuGy1ktrAQLFqwf/cgjgbEAuVqgCkyjcVOiPMPkVkQ7dn63Z Rd9FqPKPSUd8T3fR9uRwfOCz6KGUpESX9TqzFxuEYVbooTMZijQQ9p1lL1sFY7dD 9ScFaZoGzmV8QyZEYOIzWyU29GztGUqfMbLld6WI2nSsLuxHWryx6J/Gq44jAiVp WVUK8efUtNqubYre770gO5NrrzFNnJEgnjIvhyBZKikw8GnY10MwFfDP/+VGMmUZ F4sbFoZwOH1WfYAZtph7FhPF7uEMcHtT/9Uez3egV+v1sBzP59EtErUh0a9Vrjef l76OyYpzuXtDGar/e1suARnAXt9Q/vuvGygvtagFu2xqRb3ZEoE6VQ== =rgCG -END PGP SIGNATURE-
[Dovecot] Dovecot v1.2 ACL shared-boxes users in SQL, how to remove entries?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I noticed that entries added to the ACL dict are not removed, when an user no longer has explicit ACLs to another user, e.g.: [at the beginning no ACLs for "user"] 1 login testuser pwd 2 setacl INBOX user lp 3 deleteacl INBOX user Although "user" has no ACLs of mailfolders of "testuser", the user-testuser relation is still in the DB and upon login of user the ACLs in user's Maildir is consulted. Bye, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSkN+VHWSIuGy1ktrAQLR8ggAjmyUvByjz/acGoQzXahh4dr4/+FT9bx+ FU9ze1dK9ZgFWW+SkBrgmMW6ayu77rHG3Qp66ONAgJFRmBv+w6G8IJA8yueD/8z4 ZsGN1ekQxBwqAJWnGyMAVNiksRwE0SFUNAoTIKfjOLE21fQhiI6aGpdFWqP89/Vb jITOQ0+woAm2g2DvCBEMRXRZoFZGO8UCX6RCXaaqGV0c7mEkwRn/cSB/EimTTHr1 lkGXtjpJJ7u9d5apSK2TX5FFKPmKgU9G4rCzMvG9sNB808dwvtnaNBCii3btlxRT 5UBIji4PBx7zs6APctIjfsuMg5yiMg92ip9SBMYnBZ2BmmCMzDu9iA== =gAST -END PGP SIGNATURE-