Hi all, I'm trying to set an ACL with negative rights. I have no problems setting it with standard IMAP commands, but I'm unable to do it with the doveadm acl command. I tried: sudo -u vmail doveadm acl set -u "user at domain" Spam user="-user at domain" lookup (notice the "-" before the username) Unfortunately, this adds a (positive) ACL for the user named "-user at domain" instead of adding a negative one for the user "user at domain". Am I messing up something or is negative ACL support missing from doveadm? I have not seen anything in the docs about this... Regards, Peter
Hi all, Although noone answered, I figured out how to set negative rights via doveadm. You should not prefix the username with '-' (as you should do in a normal IMAP setacl command). Instead you should specify the *rights* starting with a '-'. There are two problems with this: 1. The '-username' version runs smoothly and does not throw any errors. However, it does *not* set negative rights. It adds a useless entry for a user named '-username' 2. If you try to specify the rights with a '-', such as '-writeseen', doveadm throws an error like this: set: invalid option -- 'w' So the solution is to add '--' to the command line signaling the end of the options: sudo -u vmail doveadm acl set -u user at domain -- "Spam" user=user at domain -write-seen Regards, Peter Peter Benko <pbopbo at freemail.hu> ?rta:>Hi all, > >I'm trying to set an ACL with negative rights. I have no problems setting it with standard IMAP commands, but I'm unable to do it with the doveadm acl command. > >I tried: > >sudo -u vmail doveadm acl set -u "user at domain" Spam user="-user at domain" lookup >(notice the "-" before the username) > >Unfortunately, this adds a (positive) ACL for the user named "-user at domain" instead of adding a negative one for the user "user at domain". > >Am I messing up something or is negative ACL support missing from doveadm? I have not seen anything in the docs about this... > >Regards, > >Peter >
On Tue, Dec 20, 2016, at 09:20 AM, Peter Benko wrote:> Hi all, > > Although noone answered, I figured out how to set negative rights via doveadm. You should not prefix the username with '-' (as you should do in a normal IMAP setacl command). Instead you should specify the *rights* starting with a '-'. There are two problems with this: > > 1. The '-username' version runs smoothly and does not throw any errors. However, it does *not* set negative rights. It adds a useless entry for a user named '-username' > > 2. If you try to specify the rights with a '-', such as '-writeseen', doveadm throws an error like this: > set: invalid option -- 'w' > > So the solution is to add '--' to the command line signaling the end of the options: > > sudo -u vmail doveadm acl set -u user at domain -- "Spam" user=user at domain -write-seen >Thanks for sharing the solution you found. V/r, James Cassell