Am 2016-02-08 um 11:50 schrieb Timo Sirainen:> On 05 Feb 2016, at 17:42, Peter Chiochetti <pch at myzel.net> wrote:
>>
>> How would I go, If I wanted ACL processing to start with
>> %{auth_user} instead of %{user} when determining rights?
>
> You could kludge it by returning master_user=%{auth_user} in userdb,
> but that might affect other things..
> [?]
I tested the kludge: I put userdb_master_user=someone into the static
passwd file for a certain auth_user and now global ACLs apply; as an
extra bonus now userdb_acl_groups=somegroup starts to be applied too for
that account!
Observations:
- my virtual users start with no rights
- I add rights in the global dovecot-acl file
- changes work immediately, no restart necessary
- only users with a master_user set are affected
- in the future a single stance in local.conf will apply to all users
I could not put master_user=%{auth_user} into the userdb stance (nor the
passwd file), because the parser does not expand the variable, possibly
a formatting error on my side: "doveadm -D acl debug -u myname INBOX"
then prints:> Debug: Added userdb setting: plugin/master_user=auth_user}
After all, once more
A happy dovecot user!
--
peter