[Dovecot] Sharing all mailboxes and userdb LDAP attrs

2011-08-19 Thread Felipe Scarel
Hello all,

I'm setting up a Dovecot environment here, version 1.2.15 on Debian 6.0.2
squeeze. This is actually a complete revamp of the previous setup we have
in-place here, built from the ground up with updated versions of all
involved software.

The operators have told me that they use some scripts hacked up by a
previous sysadmin to give a single admin account full access to all user
mail. That is, if any user runs into problems, they: 1. Call in; 2. The
operator logs in as the admin user; 3. Operator performs maintenance duties
on user email.

I've been researching the possibility of using Dovecot shared namespaces to
perform that very same task in a better fashion in this new server. So far,
I've been able to globally share users' INBOXes and view them from a single
admin account (through user= entries on global ACLs). My ultimate goal,
however, is to have access to all user mailboxes with any user that's a
member of a particular group, adding all operators to that group as needed.

- - - - -

First question, then, is this one: how can I give global access to all user
mailboxes? I've read that it's possible to give access to all subfolders of
a particular folder through the use of a .DEFAULT ACL. That didn't seem to
work with the uppermost directory, however. Here's what I tried:

root@mail:/etc/dovecot# dovecot -a | grep acl:
  acl: vfile:/etc/dovecot/acl:cache_secs=300
root@mail:/etc/dovecot# cat acl/.DEFAULT
owner lrwstipekxa
user=admin lrwstipekxa

Renaming .DEFAULT to INBOX does achieve the intended goal, but only for the
INBOX folder evidently.

- - - - -

Second question is somewhat simpler. So far I've been using a single admin
user, but I'd like to switch to using an admin group in the future. I've
read that the best way to do that would be to use the user_attrs entry in my
dovecot-ldap.conf file, while using a userdb ldap. The groups should be
strings separated by commas in the appropriate attribute, from what I
understand.

Is there any readily-available or recommended schema I can use to fill up
that attribute? I'm using the default ones (plus samba.schema) but I've seen
mostly space to fit GIDs, not group names.

Thanks in advance,
fbscarel

PS: Here's my dovecot -a output, should it be needed.

- - - - -

root@mailaluno:~# dovecot -a
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.2
base_dir: /var/run/dovecot
log_path: /var/log/dovecot/error.log
info_log_path: /var/log/dovecot/info.log
log_timestamp: %Y-%m-%d %H:%M:%S
syslog_facility: mail
protocols: imap pop3 pop3s managesieve
listen(default): *
listen(imap): *
listen(pop3): *
listen(managesieve): localhost:2000
ssl_listen: 127.0.0.1
ssl: yes
ssl_ca_file:
ssl_cert_file: /etc/ssl/certs/dovecot.pem
ssl_key_file: /etc/ssl/private/dovecot.pem
ssl_key_password:
ssl_parameters_regenerate: 168
ssl_cipher_list:
ssl_cert_username_field: commonName
ssl_verify_client_cert: no
disable_plaintext_auth: no
verbose_ssl: yes
shutdown_clients: yes
nfs_check: yes
version_ignore: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
login_user: dovecot
login_greeting: Server ready.
login_log_format_elements: user=%u method=%m rip=%r lip=%l %c
login_log_format: %$: %s
login_process_per_connection: no
login_chroot: yes
login_trusted_networks:
login_process_size: 64
login_processes_count: 5
login_max_processes_count: 128
login_max_connections: 256
valid_chroot_dirs:
mail_chroot:
max_mail_processes: 512
mail_max_userip_connections: 10
verbose_proctitle: no
first_valid_uid: 108
last_valid_uid: 0
first_valid_gid: 112
last_valid_gid: 0
mail_access_groups:
mail_privileged_group: mail
mail_uid:
mail_gid:
mail_location:
mail_cache_fields:
mail_never_cache_fields: imap.envelope
mail_cache_min_mail_count: 0
mailbox_idle_check_interval: 30
mail_debug: yes
mail_full_filesystem_access: no
mail_max_keyword_length: 50
mail_save_crlf: no
mmap_disable: no
dotlock_use_excl: yes
fsync_disable: no
mail_nfs_storage: no
mail_nfs_index: no
mailbox_list_index_disable: yes
lock_method: fcntl
maildir_stat_dirs: no
maildir_copy_with_hardlinks: yes
maildir_copy_preserve_filename: no
maildir_very_dirty_syncs: no
mbox_read_locks: fcntl
mbox_write_locks: fcntl dotlock
mbox_lock_timeout: 300
mbox_dotlock_change_timeout: 120
mbox_min_index_size: 0
mbox_dirty_syncs: yes
mbox_very_dirty_syncs: no
mbox_lazy_writes: yes
dbox_rotate_size: 2048
dbox_rotate_min_size: 16
dbox_rotate_days: 1
mail_drop_priv_before_exec: no
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_process_size: 256
mail_plugins(default): quota imap_quota trash mail_log acl imap_acl
mail_plugins(imap): quota imap_quota trash mail_log acl 
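
As an added example (not code from the thread or from Dovecot itself), the following Python audit parses the vfile ACL format shown above, one `<identifier> <rights>` entry per line using the RFC 4314 right letters, and reports every non-owner identifier that ends up with the admin right or with write access through a broad principal. The two sample ACL files are constructed inline (one is the .DEFAULT file from the post), and a leading `-` on an identifier is treated as a Dovecot negative right that removes rights granted elsewhere in the same file.

```python
"""Audit Dovecot vfile ACL entries for grants wider than the owner's own.
Sample files are constructed inline; nothing is read from disk."""

# RFC 4314 / Dovecot right letters, kept for readable reports
RIGHT_NAMES = {"l": "lookup", "r": "read", "w": "write-flags", "s": "write-seen",
               "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
               "k": "create", "x": "delete", "a": "admin"}
WRITE_RIGHTS = set("wstipekxa")   # anything beyond lookup/read

# Constructed samples: the .DEFAULT file from the post, plus an INBOX file
# with an over-broad 'authenticated' grant and a negative entry for one user.
SAMPLE_ACLS = {
    ".DEFAULT": "owner lrwstipekxa\nuser=admin lrwstipekxa\n",
    "INBOX":    "owner lrwstipekxa\nauthenticated lrwsti\n-user=bob lrwstipekxa\n",
}

def parse_acl(text):
    """Return {identifier: set(rights)}. Positive lines add rights; a line
    whose identifier starts with '-' removes those rights afterwards."""
    grants, denies = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ident, _, rights = line.partition(" ")
        target = denies if ident.startswith("-") else grants
        target.setdefault(ident.lstrip("-"), set()).update(rights.strip())
    return {ident: grants.get(ident, set()) - denies.get(ident, set())
            for ident in set(grants) | set(denies)}

def audit_acl(name, text):
    """Flag non-owner identifiers that can change or administer the mailbox."""
    findings = []
    for ident, rights in sorted(parse_acl(text).items()):
        if ident == "owner":
            continue
        if "a" in rights:
            findings.append((name, ident, "admin right: can rewrite this ACL"))
        if ident in ("anyone", "authenticated") and rights & WRITE_RIGHTS:
            findings.append((name, ident, "broad principal with write rights"))
    return findings

def audit_all(acls):
    """Run audit_acl over every ACL file, in file-name order."""
    return [f for name, text in sorted(acls.items()) for f in audit_acl(name, text)]

if __name__ == "__main__":
    for name, ident, why in audit_all(SAMPLE_ACLS):
        print(f"{name}: {ident}: {why}")
```

Pointed at a real /etc/dovecot/acl directory, the same functions show at a glance which identifiers a global .DEFAULT hands full rights to across every mailbox.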

Re: [Dovecot] Sharing all mailboxes and userdb LDAP attrs

2011-08-19 Thread Charles Marcus
On 2011-08-19 12:14 PM, Felipe Scarel fbsca...@gmail.com wrote:
> I'm setting up a Dovecot environment here, version 1.2.15 on Debian 6.0.2
> squeeze. This is actually a complete revamp of the previous setup we have
> in-place here, built from the ground up with updated versions of all
> involved software.
> 
> The operators have told me that they use some scripts hacked up by a
> previous sysadmin to give a single admin account full access to all user
> mail. That is, if any user runs into problems, they: 1. Call in; 2. The
> operator logs in as the admin user; 3. Operator performs maintenance duties
> on user email.

Isn't this what master users are for?

http://wiki2.dovecot.org/Authentication/MasterUsers

-- 

Best regards,

Charles


Re: [Dovecot] Sharing all mailboxes and userdb LDAP attrs

2011-08-19 Thread Felipe Scarel
You know when you ask that stupid question and then realize you had it all
along? Duh...
And to top it off, I HAVE configured a master user on my Dovecot install and
wasn't using it... man, do I feel stupid now! :)

Thanks a bunch Charles!

On Fri, Aug 19, 2011 at 13:44, Charles Marcus cmar...@media-brokers.com wrote:

> On 2011-08-19 12:14 PM, Felipe Scarel fbsca...@gmail.com wrote:
> > I'm setting up a Dovecot environment here, version 1.2.15 on Debian 6.0.2
> > squeeze. This is actually a complete revamp of the previous setup we
> > have
> > in-place here, built from the ground up with updated versions of all
> > involved software.
> >
> > The operators have told me that they use some scripts hacked up by a
> > previous sysadmin to give a single admin account full access to all
> > user
> > mail. That is, if any user runs into problems, they: 1. Call in; 2. The
> > operator logs in as the admin user; 3. Operator performs maintenance
> > duties
> > on user email.
>
> Isn't this what master users are for?
>
> http://wiki2.dovecot.org/Authentication/MasterUsers
>
> --
>
> Best regards,
>
> Charles