subject:"\[Dovecot\] Problem with dovecot\-acl"

Re: [Dovecot] Problem with dovecot-acl was not solved

2010-10-14 Thread Timo Sirainen

On Thu, 2010-10-07 at 17:11 +0400, dss wrote:
 Problems with acl in dovecot-1.2.15 was not solved! See my configs below.
 
 And I see the new bug - still something wrong with configs:
 cat dovecot-acl:
 user=t1 lrwsti

 User t1 can't create subfolers in inbox. He can only create subfolders in the 
 first levels:

Creation rights are taken from parent mailbox's 'k' right. Above I guess
is dovecot-acl to INBOX. So because user=t1 doesn't have 'k' right
there, he can't create anything below INBOX.

 Folders test3 and test4 can't be deleted by t1 - why? Owner of the test3 and 
 test4 - annother user, but but with group rights everething is fine.

Deletion right is 'x', which is taken from the mailbox's ACLs (not
parent's).

 User operdss also can create folders in the same level with such permissions. 
 What's wrong?

I'm not completely sure what you mean by this. These are symlinked
mailboxes, so Dovecot treats them as if they were user's own mailboxes.

[Dovecot] Problem with dovecot-acl was not solved

2010-10-07 Thread dss

Problems with acl in dovecot-1.2.15 was not solved! See my configs below.

And I see the new bug - still something wrong with configs:
cat dovecot-acl:
user=t1 lrwsti
#user=oper-olegs lrwsti
#user=oper-antona lrwsti
user=operdss lr
#user=operdss lrwsti

User t1 can't create subfolers in inbox. He can only create subfolders in the 
first levels:
Inbox
test3
test4
Outbox
Sent
Trash
Test1 - test folder created by t1 user

Folders test3 and test4 can't be deleted by t1 - why? Owner of the test3 and 
test4 - annother user, but but with group rights everething is fine.

User operdss also can create folders in the same level with such permissions. 
What's wrong?

imap:/home/t1/Maildir# ls -la
total 252
drwxrws--- 35 t1 mshare 4096 2010-10-07 15:59 .
drwxr-sr-x 3 root mail 4096 2010-09-22 16:02 ..
drwxrws--- 5 t1 mshare 4096 2010-09-15 12:28 
.BB0ENQQ2BDUEOwQwBEIENQQ7BEwEPQQwBE8- BD8EPgRHBEIEMA-
drwxrws--- 2 t1 mshare 4096 2010-10-07 15:41 cur
-rw-rw 1 t1 mshare 15 2010-10-07 15:59 dovecot-acl
-rw-rw 1 t1 mshare 383 2010-10-07 15:59 dovecot-acl-list
-rw-r- 1 root mshare 12288 2010-10-07 15:59 .dovecot-acl.swp
-rw-rw 1 operolegs mshare 1144 2010-09-24 12:16 dovecot.index
-rw-rw 1 t1 mshare 41984 2010-10-07 11:48 dovecot.index.cache
-rw-rw 1 t1 mshare 26380 2010-10-07 15:41 dovecot.index.log
-rw-rw 1 operantona mshare 17 2010-09-23 16:41 dovecot-keywords
-rw-rw 1 operantona mshare 1941 2010-09-27 10:46 dovecot-uidlist
-rw-rw 1 t1 mshare 8 2010-10-07 15:45 dovecot-uidvalidity
-rw-rw 1 t1 mshare 0 2010-09-22 10:54 dovecot-uidvalidity.4c99a838
drwxrws--- 5 t1 mshare 4096 2010-09-23 15:52 .Drafts
drwxrws--- 5 t1 mshare 4096 2010-09-22 11:44 .INBOX.1
drwxrws--- 5 t1 mshare 4096 2010-09-28 16:39 .INBOX.processed
drwxrws--- 5 operolegs mshare 4096 2010-09-27 17:14 .INBOX.!processed_olegs
drwxrws--- 5 t1 mshare 4096 2010-09-23 15:30 .INBOX.test
drwxrws--- 5 operdss mshare 4096 2010-09-28 16:39 .INBOX.test1
drwxrws--- 5 operdss mshare 4096 2010-10-05 15:33 .INBOX.test10
drwxrws--- 5 operdss mshare 4096 2010-10-06 16:42 .INBOX.test11
drwxrws--- 5 operdss mshare 4096 2010-10-07 10:35 .INBOX.test12
drwxrws--- 5 operdss mshare 4096 2010-10-07 11:26 .INBOX.test13
drwxrws--- 5 t1 mshare 4096 2010-09-28 16:39 .INBOX.test2
drwxrws--- 5 operdss mshare 4096 2010-09-29 13:52 .INBOX.test3
drwxrws--- 5 operdss mshare 4096 2010-09-29 13:52 .INBOX.test4
drwxrws--- 5 operdss mshare 4096 2010-09-29 15:56 .INBOX.test5
drwxrws--- 5 operdss mshare 4096 2010-09-29 15:57 .INBOX.test6
drwxrws--- 5 operdss mshare 4096 2010-09-29 15:57 .INBOX.test7
drwxrws--- 5 operdss mshare 4096 2010-09-29 16:43 .INBOX.test8
drwxrws--- 5 t1 mshare 4096 2010-10-05 15:30 .INBOX.test9
drwxrws--- 5 t1 mshare 4096 2010-09-28 17:24 .INBOX.tmp
drwxrws--- 2 t1 mshare 4096 2010-09-27 10:46 new
drwxrws--- 5 t1 mshare 4096 2010-10-07 11:48 .Sent
drwxrws--- 5 operdss mshare 4096 2010-09-29 15:55 .Sent.test
-rw-rw 1 operdss mshare 418 2010-10-07 15:44 subscriptions
drwxrws--- 5 t1 mshare 4096 2010-09-15 12:17 .Templates
drwxrws--- 5 operdss mshare 4096 2010-10-07 15:42 .test16
drwxrws--- 5 operdss mshare 4096 2010-10-07 15:45 .test17
drwxrws--- 2 t1 mshare 4096 2010-09-27 10:46 tmp
drwxrws--- 5 t1 mshare 4096 2010-10-07 15:42 .Trash
drwxrws--- 5 t1 mshare 4096 2010-09-23 15:30 .Trash.11
drwxrws--- 5 operantona mshare 4096 2010-09-23 16:39 
.Trash.BD4EMQRABDAEMQQ+BEIEMAQ9BD4-_antona
drwxrws--- 5 t1 mshare 4096 2010-10-07 15:42 .Trash.test16
drwxrws--- 5 operdss mshare 4096 2010-09-29 16:01 .Trash.test8




=
Old bug in new version 1.2.15:
-

I have a problem with dovecot-acl. Some of our users need to use the same 
Mailbox with all folders: Inbox (with subfolders), Outbox, Send and Deleted, 
(some users need in full righs, some - readonly) so I choosed Symlinking 
mailboxes and tried to use dovecot-acl file.

cat dovecot-acl:
user=t1 lrwsti
user=operolegs lrwsti
user=operantona lrwsti
user=operdss lr

User operdss have lrwsti rights in this shared mailbox unstead of lr! But if I 
comment out other users in the dovecot-acl:

#user=t1 lrwsti
#user=operolegs lrwsti
#user=operantona lrwsti
user=operdss lr

User operdss have lr rights. Whats wrong?
It seems, that dovecot-acl is working only for one user and for one line in 
config.
How can I fix it?

===
Here is my configs.

imap:/usr/local/dovecot# /usr/local/dovecot/sbin/dovecot -n
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-2-686 i686 Debian 5.0.6 
log_path: /var/log/dovecot.log
log_timestamp: %Y-%m-%d %H:%M:%S 
disable_plaintext_auth: no
login_dir: /usr/local/dovecot-1.2.15/var/run/dovecot/login
login_executable: /usr/local/dovecot-1.2.15/libexec/dovecot/imap-login
mail_privileged_group: mail
mail_plugins: acl imap_acl
auth default:
debug: yes
passdb:
driver: pam
userdb:
driver: passwd



imap:~# ls -l /home/t1/Maildir
lrwxrwxrwx 1 root root 21 2010-09-22 16:03 /home/t1

[Dovecot] Problem with dovecot-acl

2010-09-29 Thread dss

I have a problem with dovecot-acl. Some of our users need to use the same 
Mailbox with all folders: Inbox (with subfolders), Outbox, Send and Deleted, 
(some users need in full righs, some - readonly) so I choosed Symlinking 
mailboxes and tried to use dovecot-acl file.

cat dovecot-acl:
user=t1 lrwsti
user=operolegs lrwsti
user=operantona lrwsti
user=operdss lr

User operdss have lrwsti rights in this shared mailbox unstead of lr! But if I 
comment out other users in the dovecot-acl:

#user=t1 lrwsti
#user=operolegs lrwsti
#user=operantona lrwsti
user=operdss lr

User operdss have lr rights. Whats wrong?
It seems, that dovecot-acl is working only for one user.
How can I fix it?

===
Here is my configs.

imap:~# dovecot -n
# 1.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-2-686 i686 Debian 5.0.6 
log_timestamp: %Y-%m-%d %H:%M:%S 
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mbox_write_locks: fcntl dotlock
mail_plugins: acl imap_acl
auth default:
  passdb:
driver: pam
  userdb:
driver: passwd
plugin:
  acl: vfile



imap:~# ls -l /home/t1/Maildir
lrwxrwxrwx 1 root root 21 2010-09-22 16:03 /home/t1/Maildir - 
/var/mail/720/Maildir
imap:~# ls -l /home/operolegs/Maildir
lrwxrwxrwx 1 root root 21 2010-09-23 16:00 /home/operolegs/Maildir - 
/var/mail/720/Maildir
imap:~# ls -l /home/operantona/Maildir
lrwxrwxrwx 1 root root 21 2010-09-23 16:00 /home/operantona/Maildir - 
/var/mail/720/Maildir
imap:~# ls -l /home/operdss/Maildir   
lrwxrwxrwx 1 root root 16 2010-09-28 16:32 /home/operdss/Maildir - 
/home/t1/Maildir

---

imap:/home/t1/Maildir# ls -l
total 112
drwxrws--- 2 t1 mshare  4096 2010-09-27 10:46 cur
-rw-rw 1 t1 mshare99 2010-09-29 15:56 dovecot-acl
-rw-rw 1 operdssmshare   312 2010-09-29 16:43 dovecot-acl-list
-rw-rw 1 operolegs  mshare  1144 2010-09-24 12:16 dovecot.index
-rw-rw 1 t1 mshare 41984 2010-09-28 16:39 dovecot.index.cache
-rw-rw 1 t1 mshare 25068 2010-09-28 16:38 dovecot.index.log
-rw-rw 1 operantona mshare17 2010-09-23 16:41 dovecot-keywords
-rw-rw 1 operantona mshare  1941 2010-09-27 10:46 dovecot-uidlist
-rw-rw 1 t1 mshare 8 2010-09-29 16:43 dovecot-uidvalidity
-rw-rw 1 t1 mshare 0 2010-09-22 10:54 
dovecot-uidvalidity.4c99a82f
drwxrws--- 2 t1 mshare  4096 2010-09-27 10:46 new
-rw-rw 1 operdssmshare   327 2010-09-29 16:43 subscriptions
drwxrws--- 2 t1 mshare  4096 2010-09-27 10:46 tmp

-

imap:/home/t1/Maildir# dpkg --list|grep dovecot 
ii  dovecot-common   1:1.2.13-1~bpo50+1 
secure mail server that supports mbox and maildir mailboxes
ii  dovecot-imapd1:1.2.13-1~bpo50+1 
secure IMAP server that supports mbox and maildir mailboxes

dovecot packages - from backports
---

Linux: Debian Lenny up2date

Re: [Dovecot] Problem with dovecot-acl

2010-09-29 Thread Timo Sirainen

On Wed, 2010-09-29 at 23:26 +0400, dss wrote:
 I have a problem with dovecot-acl. Some of our users need to use the
 same Mailbox with all folders: Inbox (with subfolders), Outbox, Send
 and Deleted, (some users need in full righs, some - readonly) so I
 choosed Symlinking mailboxes and tried to use dovecot-acl file.

This is only a problem with symlinked mailboxes, because Dovecot thinks
you own the mailbox and uses allow everything as the default ACL.

 cat dovecot-acl:
 user=t1 lrwsti
 user=operolegs lrwsti
 user=operantona lrwsti
 user=operdss lr
 
 User operdss have lrwsti rights in this shared mailbox unstead of lr! But if 
 I comment out other users in the dovecot-acl:
 
 #user=t1 lrwsti
 #user=operolegs lrwsti
 #user=operantona lrwsti
 user=operdss lr

I'll try to get this fixed properly tomorrow, but for now you can work
around it by first removing all rights from owner:

owner
user=t1 ...
user=...

Re: [Dovecot] Problem with dovecot-acl was not solved

[Dovecot] Problem with dovecot-acl was not solved

[Dovecot] Problem with dovecot-acl

Re: [Dovecot] Problem with dovecot-acl

4 matches

Site Navigation

Mail list logo

Footer information