Re: [Dovecot] virtual plugin and ACL
On Fri, 07 Aug 2009 15:23:32 -0400 Timo Sirainen wrote:
> That's because in private namespaces user owns the mails, and
> "authenticated" doesn't reduce the user's privileges. You could use
> "owner" instead.
>
> Also I don't think you should use ACLs at all here. It's easier and more
> secure to just make /var/mail/virtual non-writable to imap process. For
> example change file/dir owners to root and make them world-readable.

Thank you, Timo. Both variants are working fine for me.

Re: [Dovecot] virtual plugin and ACL
On Wed, 2009-08-05 at 11:08 +0300, Nikita Koshikov wrote:
> Here is namespace part of config file:
> namespace private {
>   prefix = Company/
>   separator = /
>   location = virtual:/var/mail/virtual:INDEX=MEMORY:LAYOUT=maildir++
>   subscriptions = no
> }
..
> Then I tried to setup ACL for virtual mailbox. Adding "acl" to mail_plugins
> in imap and lda section and acl=vfile to plugins config. Under
> /var/mail/virtual in each mailbox I create dovecot-acl file containing:
> user=koshikov.n lrwstiekxa
> authenticated lrwstipe
>
> But this didn't work.

That's because in private namespaces user owns the mails, and "authenticated" doesn't reduce the user's privileges. You could use "owner" instead.

Also I don't think you should use ACLs at all here. It's easier and more secure to just make /var/mail/virtual non-writable to imap process. For example change file/dir owners to root and make them world-readable.
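
A check for the filesystem layout suggested in the reply above, as an added example that is not part of the original thread: it lists every entry under the virtual tree that has the wrong owner, is group- or world-writable, or cannot be read by other users. The function name `audit_readonly_tree` is hypothetical, and the check assumes the imap process runs as an unprivileged user other than the tree's owner.

```shell
#!/bin/sh
# Added example (not from the thread). Audits a read-only mailbox tree such
# as /var/mail/virtual after its owner has been changed to root.
#
# Usage: audit_readonly_tree DIR [OWNER]     (OWNER defaults to root)
# Prints each offending path; returns 0 if clean, 1 if anything was found,
# 2 if DIR is not a directory.
audit_readonly_tree() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Symlinks are skipped because their own mode bits are not meaningful.
    # An entry is reported when any of these holds:
    #   ! -user OWNER       owned by someone other than the expected owner
    #   -perm -020 / -002   writable by group or by others
    #   ! -perm -004        not readable by others (mail process locked out)
    #   dir without o+x     directory that others cannot traverse
    bad=$(find "$dir" ! -type l \( \
              ! -user "$owner" \
              -o -perm -020 \
              -o -perm -002 \
              -o ! -perm -004 \
              -o \( -type d ! -perm -001 \) \
          \) -print)

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Example call on the path used in the thread:
#   audit_readonly_tree /var/mail/virtual
```

An empty result with exit status 0 means no path under the tree is writable by anyone except the owner.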