Re: [Dovecot] Making shared folders "unmovable"
Well, I just noticed this in my logs after I re-loaded the latest Dovecot config I tried: Jan 13 15:09:45 mail dovecot: SIGHUP received - reloading configuration Jan 13 15:09:45 mail dovecot: read(imap dump-capability process) failed: Interrupted system call Jan 13 15:09:45 mail dovecot: Invalid configuration, keeping old one Jan 13 15:09:45 mail dovecot: child 2085 (unknown) returned error 82 (Internal logging error) It's apparently been doing this every time I've reloaded the config, so this is probably why none of my changes with the ACLs are working. :/ Any thoughts on what could be causing this kind of error?? Does that error just basically mean something's set wrong somewhere in dovecot.conf? David
Re: [Dovecot] Making shared folders "unmovable"
On 2011-01-12 1:10 PM, Dave wrote: > > I have this in my public namespace, and it works well: > > ... > > What does your dovecot -n say? > > I assume these are the lines you're looking for from dovecot -n? > > mail_plugins: acl imap_acl > plugin: > acl: vfile > > Also, I just saw when I ran that command that it's Dovecot 1.1 > series. Not 1.2 series. My bad. :( Will that make a difference? I > also am not super-familiar with namespaces, so I don't know that any > are set up in any way. I'll look at the documentation for namespaces. > > David > It is supposed to still work with 1.1, you just don't have the ability to use IMAP to change acls. One thing to check is that the dovecot-acl file you created has the same owner and permissions as the folder in which it resides. Also note that you will need the dovecot-acl file in every folder that you want it to apply to, including the sub-folders. ACLs are only inherited by new folders from their parent when they are created. -Greg signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Making shared folders "unmovable"
> I have this in my public namespace, and it works well: > ... > What does your dovecot -n say? I assume these are the lines you're looking for from dovecot -n? mail_plugins: acl imap_acl plugin: acl: vfile Also, I just saw when I ran that command that it's Dovecot 1.1 series. Not 1.2 series. My bad. :( Will that make a difference? I also am not super-familiar with namespaces, so I don't know that any are set up in any way. I'll look at the documentation for namespaces. David
Re: [Dovecot] Making shared folders "unmovable"
On 2011-01-12 9:41 AM, Dave wrote:
> > By default Dovecot doesn't allow using the IMAP "anyone" or
> > "authenticated" identifier, because it would be an easy way to spam
> > other users in the system. If you wish to allow it, set:
> >
> > plugin {
> > acl_anyone = allow
> > }
>
> Greg, thanks for your reply, I missed that in the wiki about the
> "anyone" identifier. I will try that setting that you mention, BUT I
> don't know that it will work because before I tried using "anyone" as
> the identifier I tried using the username I was logging into the
> account with (using the "user=" parameter in place of "anyone"), and
> that didn't work either. :(
>
> ...
>
> OK, I tried it with the username I use to login to the account instead
> of "anyone", and with "owner" as Timo suggested (thank you as well),
> and neither of those worked. My dovecot-acl contained "user=dave
> lrwstipea" in the first case and "owner lrwstipea" in the second, and
> neither is making a difference, I can still rename/delete/etc that
> folder. Any other thoughts?? I don't need to restart dovecot or
> reload the config or anything if I make a change to the dovecot-acl
> file do I?
>
> David
>
>
I have this in my public namespace, and it works well:
authenticated lrs
user=gfinch lrwstipekxa
What does your dovecot -n say?
-Greg
signature.asc
Description: OpenPGP digital signature
Re: [Dovecot] Making shared folders "unmovable"
> By default Dovecot doesn't allow using the IMAP "anyone" or
> "authenticated" identifier, because it would be an easy way to spam
> other users in the system. If you wish to allow it, set:
>
> plugin {
> acl_anyone = allow
> }
Greg, thanks for your reply, I missed that in the wiki about the
"anyone" identifier. I will try that setting that you mention, BUT I
don't know that it will work because before I tried using "anyone" as
the identifier I tried using the username I was logging into the account
with (using the "user=" parameter in place of "anyone"), and that didn't
work either. :(
...
OK, I tried it with the username I use to login to the account instead
of "anyone", and with "owner" as Timo suggested (thank you as well), and
neither of those worked. My dovecot-acl contained "user=dave lrwstipea"
in the first case and "owner lrwstipea" in the second, and neither is
making a difference, I can still rename/delete/etc that folder. Any
other thoughts?? I don't need to restart dovecot or reload the config
or anything if I make a change to the dovecot-acl file do I?
David
Re: [Dovecot] Making shared folders "unmovable"
On 12.1.2011, at 1.37, Dave wrote:
> Well, I've tried ACLs before and had no success, which I remembered when
> looking back through the config file to try it now. :) But, perhaps I'm
> missing something obvious! Here's what I've done: I enabled the ACL features
> in IMAP with "mail_plugins = acl imap_acl" under the "protocol imap {"
> section, as instructed in the wiki. I also added "acl = vfile" under the
> "plugin {" section. I HUPped Dovecot so as to re-read the config, and put a
> "dovecot-acl" in Maildir/.TestFolder that contains 1 line:
> anyone lrwstipea
owner, not anyone
Re: [Dovecot] Making shared folders "unmovable"
On 2011-01-11 3:37 PM, Dave wrote:
> Well, I've tried ACLs before and had no success, which I remembered
> when looking back through the config file to try it now. :) But,
> perhaps I'm missing something obvious! Here's what I've done: I
> enabled the ACL features in IMAP with "mail_plugins = acl imap_acl"
> under the "protocol imap {" section, as instructed in the wiki. I
> also added "acl = vfile" under the "plugin {" section. I HUPped
> Dovecot so as to re-read the config, and put a "dovecot-acl" in
> Maildir/.TestFolder that contains 1 line:
> anyone lrwstipea
>
> So, in theory, that should do it right? No "x" and no "k" permissions
> in that list for "anyone", yet I can still delete, move, and rename
> the "TestFolder" folder (in which that dovecot-acl file resides, on
> disk in the folder above) through my mail client. What am I missing?
> Clearly something! :) (I haven't tried restarting Dovecot yet as
> there are some people using the mailbox at the moment, fwiw.)
> Dave
>
>
> On 1/11/2011 4:11 PM, Willie Gillespie wrote:
>> Jose Celestino wrote:
>>> You may be able to do that with ACLs.
>>
>> Jose is right. Take away the x and k rights with ACLs.
>>
>>
From the WIKI at http://wiki1.dovecot.org/SharedMailboxes/Shared
By default Dovecot doesn't allow using the IMAP "anyone" or
"authenticated" identifier, because it would be an easy way to spam
other users in the system. If you wish to allow it, set:
plugin {
acl_anyone = allow
}
Note that you can also do this only for some users by returning the acl_anyone
as userdb extra field .
-Greg
signature.asc
Description: OpenPGP digital signature
Re: [Dovecot] Making shared folders "unmovable"
Well, I've tried ACLs before and had no success, which I remembered when
looking back through the config file to try it now. :) But, perhaps I'm
missing something obvious! Here's what I've done: I enabled the ACL
features in IMAP with "mail_plugins = acl imap_acl" under the "protocol
imap {" section, as instructed in the wiki. I also added "acl = vfile"
under the "plugin {" section. I HUPped Dovecot so as to re-read the
config, and put a "dovecot-acl" in Maildir/.TestFolder that contains 1 line:
anyone lrwstipea
So, in theory, that should do it right? No "x" and no "k" permissions
in that list for "anyone", yet I can still delete, move, and rename the
"TestFolder" folder (in which that dovecot-acl file resides, on disk in
the folder above) through my mail client. What am I missing? Clearly
something! :) (I haven't tried restarting Dovecot yet as there are some
people using the mailbox at the moment, fwiw.)
Dave
On 1/11/2011 4:11 PM, Willie Gillespie wrote:
Jose Celestino wrote:
You may be able to do that with ACLs.
Jose is right. Take away the x and k rights with ACLs.
Re: [Dovecot] Making shared folders "unmovable"
Jose Celestino wrote: On Ter, 2011-01-11 at 12:27 -0600, Dave wrote: I have set up an area of shared folders with Dovecot 1.2 that is accessed by several people (by way of one account, and everyone who logs in sees these same folders), and the only problem with this setup is that occasionally somebody moves one of the folders underneath another folder or somewhere else in the folder structure, and this sometimes disrupts some automatic procmail filters and the like. Is there a way to keep folders in a shared setup such as this "static" or "unmovable" so that the users can't disrupt the structure? Like, where the folder structure itself can't be changed, but new messages can still come in to the folders? You may be able to do that with ACLs. Jose is right. Take away the x and k rights with ACLs.
Re: [Dovecot] Making shared folders "unmovable"
On Ter, 2011-01-11 at 12:27 -0600, Dave wrote: > I have set up an area of shared folders with Dovecot 1.2 that is > accessed by several people (by way of one account, and everyone who logs > in sees these same folders), and the only problem with this setup is > that occasionally somebody moves one of the folders underneath another > folder or somewhere else in the folder structure, and this sometimes > disrupts some automatic procmail filters and the like. > > Is there a way to keep folders in a shared setup such as this "static" > or "unmovable" so that the users can't disrupt the structure? Like, > where the folder structure itself can't be changed, but new messages can > still come in to the folders? > You may be able to do that with ACLs. -- Jose Celestino | http://japc.uncovering.org/files/japc-pgpkey.asc "Assumption is the Mother of Screw-Up" -- Mr. John Elwood Hale
