Rachid Zarouali
2007-Apr-25 16:49 UTC
[Dovecot] newbie with dovecot acls needs a little help :-)
hi all,
i'm trying to make an acl so a local unix user 'sie' can access
exalead mboxes.
my exalead mboxes are stored in :
/opt/exalead/mail/sie/
mailboxes are automatically created every week like sie.2007.W17 for the 17th
week of the year.
how can i do this ?
i've tried several things but none succeeded.
dovecot version 1.0.rc15
# /etc/dovecot.conf
ddIEffective uid=65534, gid=65534
ddILoading modules from directory: /usr/lib64/dovecot/imap
ddIModule loaded: /usr/lib64/dovecot/imap/lib01_acl_plugin.so
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
protocols: imap imaps
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
login_greeting_capability: yes
mail_extra_groups: exalead
mail_location: mbox:/opt/exalead/mail
mail_debug: yes
mail_plugins: acl
auth default:
  verbose: yes
  debug: yes
  passdb:
    driver: pam
  userdb:
    driver: passwd
  userdb:
    driver: prefetch
  socket:
    type: listen
    client:
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: exalead
      group: exalead
thanks for your help
--
Rachid Zarouali
Administrateur Systèmes/Applications
AFNIC
rachid.zarouali at nic.fr
01.39.30.83.47
Timo Sirainen
2007-May-11 13:22 UTC
[Dovecot] newbie with dovecot acls needs a little help :-)
On Wed, 2007-04-25 at 18:49 +0200, Rachid Zarouali wrote:
> hi all,
>
> i'm trying to make an acl so a local unix user 'sie' can access exalead mboxes.
> my exalead mboxes are stored in :
> /opt/exalead/mail/sie/
..
> mail_extra_groups: exalead
> mail_location: mbox:/opt/exalead/mail

A bit late, but if you haven't figured out anything yet:

ACL plugin can only be used to remove permissions that would otherwise be given by filesystem permissions. So I guess your problem is that whatever user is trying to access the sie mboxes doesn't have permission to do so. Is it really enough to have users in exalead group to be able to access the mboxes? Anything in Dovecot's logs?
Rachid Zarouali
2007-May-22 14:36 UTC
[Dovecot] newbie with dovecot acls needs a little help :-)
On Fri, May 11, 2007 at 04:22:46PM +0300, Timo Sirainen wrote:
> On Wed, 2007-04-25 at 18:49 +0200, Rachid Zarouali wrote:
> > hi all,
> >
> > i'm trying to make an acl so a local unix user 'sie' can access exalead mboxes.
> > my exalead mboxes are stored in :
> > /opt/exalead/mail/sie/
> ..
> > mail_extra_groups: exalead
> > mail_location: mbox:/opt/exalead/mail
>
> A bit late, but if you haven't figured out anything yet:
>
> ACL plugin can only be used to remove permissions that would otherwise
> be given by filesystem permissions. So I guess your problem is that
> whatever user is trying to access the sie mboxes doesn't have permission
> to do so. Is it really enough to have users in exalead group to be able
> to access the mboxes? Anything in Dovecot's logs?

well here is how i tricked it:
i checked the umask for the exalead account is : 0002
i made sie member of the exalead group
in his $HOME dir, i made a symlink to /opt/exalead/mail/sie/ for the mail dir.
this way, the sie user will have its own dovecot index and log files and can access the imap mailboxes in readonly mode.
checking dovecot logs everything works well and using mutt i can access the mailboxes in readonly mode.

--
Rachid Zarouali
Administrateur Systèmes/Applications
AFNIC
rachid.zarouali at nic.fr
01.39.30.83.47
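The thread turns on the filesystem deciding access before the ACL plugin can narrow it. As an added example (not code from the thread or from Dovecot), this sketch reports what plain Unix mode bits grant a numeric uid and group list on an mbox file; the function names `perm_class` and `mbox_access` are hypothetical, and POSIX ACLs and root's override are ignored.

```sh
#!/bin/sh
# Added example, not from the thread. Reports what plain Unix mode bits give
# a user on an mbox before any Dovecot ACL is considered.
# Assumptions: POSIX ACLs and root's override are ignored; only the
# mailbox's immediate parent directory is checked for search permission.

# perm_class UID "GID ..." PATH -> the rwx triplet of the class that applies.
# The kernel picks exactly one class: owner, else group, else other.
perm_class() {
    uid=$1 gids=$2 path=$3
    line=$(ls -ldn -- "$path" 2>/dev/null) || return 2
    # ls -ldn fields: mode, link count, numeric owner, numeric group, ...
    read -r mode _links owner group _rest <<EOF
$line
EOF
    if [ "$uid" = "$owner" ]; then
        off=2                               # owner bits: characters 2-4
    else
        off=8                               # other bits: characters 8-10
        for g in $gids; do
            if [ "$g" = "$group" ]; then off=5; fi   # group bits: 5-7
        done
    fi
    printf '%s\n' "$mode" | cut -c"$off"-"$((off + 2))"
}

# mbox_access UID "GID ..." MBOX -> read-write | read-only | none
mbox_access() {
    dirperm=$(perm_class "$1" "$2" "$(dirname "$3")") || return 2
    fileperm=$(perm_class "$1" "$2" "$3") || return 2
    case $dirperm in
        ??[xst]) ;;                         # directory is searchable
        *) echo none; return 0 ;;
    esac
    case $fileperm in
        rw?) echo read-write ;;
        r??) echo read-only ;;
        *)   echo none ;;
    esac
}
```

For the layout in this thread the call would be `mbox_access "$(id -u sie)" "$(id -G sie)" /opt/exalead/mail/sie/sie.2007.W17`.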