Hi, I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage. Services like proftpd have: "AllowGroup ftpgroup" sshd have "AllowGroups sshgroup" And samba have "valid users = @smbgroup" But I can't find the correct option in Dovecot (/etc/dovecot/dovecot.conf) Do anyone have the magic option or a workaround thats doesn't envolve maintaining seperate user databases and password? (I know its needed for samba but besides that) /Neergaard
On Tue, 2010-12-28 at 00:15 +0100, Jacob Neergaard Pedersen wrote:> I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage.Assuming you use passdb pam, I think pam_listfile can do this: http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_listfile.html -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20101230/8ae73fe0/attachment-0002.bin>
Sorry about the late reply. I look at the link you sent me. But I can't figure out how to make it do what I want. As far as I understand then yes I'm using PAM. I wanna create an imap group in /etc/group and only the users I add to this is to be allow access to dovecot thought IMAP. I'm sorry to say but my Linux skill are limited but growing. Den 30/12/2010 kl. 11.09 skrev Timo Sirainen:> On Tue, 2010-12-28 at 00:15 +0100, Jacob Neergaard Pedersen wrote: >> I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage. > > Assuming you use passdb pam, I think pam_listfile can do this: > http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_listfile.html >
Hi, Found It :) Here it is - very simple. Add the group you wanna use to /etc/group maigroup:x:1007:user1,user2,user3 Make a file listing the groups you wanna allow access from echo "maigroup" > /etc/dovecot/group.allow Add group authentication to dovecot pam setting in /etc/pam.d/dovecot Add this line on the top of the file auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/dovecot/group.allow I hope I can safe other people the trouble. /Neergaard Den 30/12/2010 kl. 11.09 skrev Timo Sirainen:> On Tue, 2010-12-28 at 00:15 +0100, Jacob Neergaard Pedersen wrote: >> I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage. > > Assuming you use passdb pam, I think pam_listfile can do this: > http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_listfile.html >
Reasonably Related Threads
- proftpd graphical clients not working
- Build package for R 2.0.1 under Windows
- Comparing density plots using same axes or same axes scale
- ((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
- Problem with using both pam_listfile to deny logins and pubkey authentication