dovecot - Aug 2018 - limit sharing ability to certain users

Thanks for the advice Aki
> On 6 Aug 2018, at 07:26, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> 
> userdb {
>    driver = username_format=%Lu passwd-file
>    args = /etc/dovecot/share.passwd
> }
Something is wrong with the suggested driver configuration ? Leads to a fatal ?
I think there is missing a driver name.
Any chance of doing this via LDAP attribute? 

Here is my working config (without your suggestion):
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11 
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = syslog
disable_plaintext_auth = no
info_log_path = syslog
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_debug = yes
mail_gid = 5000
mail_location = maildir:~/Maildir
mail_plugins = zlib quota acl
mail_uid = 5000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave
namespace {
  hidden = no
  ignore_on_failure = no
  inbox = no
  list = children
  location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:CONTROL=%h/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = 
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/spool/postfix/virtual/shared-mailboxes
  quota = maildir:User quota
  quota_exceeded_message = 4.2.2 Mailbox full
  quota_rule = *:storage=1G
  quota_rule2 = INBOX.Trash:storage=+100M
  quota_rule3 = INBOX.Spam:ignore
  quota_warning = storage=95%% quota-warning 95 %u
  sieve = ~/.dovecot.sieve
  sieve_before = /var/lib/dovecot/sieve/default.sieve
  sieve_dir = ~/sieve
  sieve_max_actions = 32
  sieve_max_redirects = 4
  sieve_max_script_size = 1M
  sieve_quota_max_scripts = 0
  sieve_quota_max_storage = 0
}
protocols = " imap lmtp sieve pop3"
service auth {
  group = dovecot
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
  user = dovecot
}
service lmtp {
  unix_listener lmtp {
    mode = 0666
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
ssl = no
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
protocol lmtp {
  mail_plugins = zlib quota acl sieve
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  deliver_log_format = msgid=%m: %$
  mail_plugins = zlib quota acl sieve
  postmaster_address = postmaster at onnet.ch
}
protocol imap {
  mail_plugins = zlib quota acl imap_quota imap_acl
}
protocol sieve {
  info_log_path = /var/log/sieve.log
  log_path = /var/log/sieve.log
  mail_max_userip_connections = 10
  managesieve_implementation_string = Dovecot Pigeonhole
  managesieve_logout_format = bytes=%i/%o
  managesieve_max_compile_errors = 5
  managesieve_max_line_length = 65536
}

Thanks in advance for your help
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20180806/4b6226c0/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3696 bytes
Desc: not available
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20180806/4b6226c0/attachment-0001.p7s>

As Sami pointed out, I had wrong syntax:
> close, but few typos. userdb should be:
>
> userdb {
> ? driver = passwd-file
> ? args = username_format=%Lu /etc/dovecot/share.passwd
> }
>
> Sami
On 06.08.2018 22:52, Simeon Ott wrote:
> Thanks for the advice Aki
>
>> On 6 Aug 2018, at 07:26, Aki Tuomi <aki.tuomi at dovecot.fi
>> <mailto:aki.tuomi at dovecot.fi>> wrote:
>>
>> userdb {
>> ?? driver = username_format=%Lu passwd-file
>> ?? args = /etc/dovecot/share.passwd
>> }
>
> Something is wrong with the suggested driver configuration ? Leads to
> a fatal ? I think there is missing a driver name.
> Any chance of doing this via LDAP attribute??
>
> Here is my working config (without your suggestion):
> # 2.2.13: /etc/dovecot/dovecot.conf
> # OS: Linux 3.16.0-6-amd64 x86_64 Debian 8.11?
> auth_debug = yes
> auth_debug_passwords = yes
> auth_mechanisms = plain login
> auth_verbose = yes
> auth_verbose_passwords = plain
> debug_log_path = syslog
> disable_plaintext_auth = no
> info_log_path = syslog
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
%c
> mail_debug = yes
> mail_gid = 5000
> mail_location = maildir:~/Maildir
> mail_plugins = zlib quota acl
> mail_uid = 5000
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date ihave
> namespace {
> ? hidden = no
> ? ignore_on_failure = no
> ? inbox = no
> ? list = children
> ? location = maildir:%%h/Maildir:INDEX=%h/shared/%%u:CONTROL=%h/shared/%%u
> ? prefix = shared/%%u/
> ? separator = /
> ? subscriptions = yes
> ? type = shared
> }
> namespace inbox {
> ? inbox = yes
> ? location =?
> ? mailbox Drafts {
> ? ? auto = subscribe
> ? ? special_use = \Drafts
> ? }
> ? mailbox Sent {
> ? ? auto = subscribe
> ? ? special_use = \Sent
> ? }
> ? mailbox "Sent Messages" {
> ? ? special_use = \Sent
> ? }
> ? mailbox Spam {
> ? ? auto = subscribe
> ? ? special_use = \Junk
> ? }
> ? mailbox Trash {
> ? ? auto = subscribe
> ? ? special_use = \Trash
> ? }
> ? prefix =?
> ? separator = /
> ? type = private
> }
> passdb {
> ? args = /etc/dovecot/dovecot-ldap.conf
> ? driver = ldap
> }
> plugin {
> ? acl = vfile
> ? acl_shared_dict = file:/var/spool/postfix/virtual/shared-mailboxes
> ? quota = maildir:User quota
> ? quota_exceeded_message = 4.2.2 Mailbox full
> ? quota_rule = *:storage=1G
> ? quota_rule2 = INBOX.Trash:storage=+100M
> ? quota_rule3 = INBOX.Spam:ignore
> ? quota_warning = storage=95%% quota-warning 95 %u
> ? sieve = ~/.dovecot.sieve
> ? sieve_before = /var/lib/dovecot/sieve/default.sieve
> ? sieve_dir = ~/sieve
> ? sieve_max_actions = 32
> ? sieve_max_redirects = 4
> ? sieve_max_script_size = 1M
> ? sieve_quota_max_scripts = 0
> ? sieve_quota_max_storage = 0
> }
> protocols = " imap lmtp sieve pop3"
> service auth {
> ? group = dovecot
> ? unix_listener /var/spool/postfix/private/auth {
> ? ? group = postfix
> ? ? mode = 0666
> ? ? user = postfix
> ? }
> ? unix_listener auth-master {
> ? ? group = vmail
> ? ? mode = 0666
> ? ? user = vmail
> ? }
> ? unix_listener auth-userdb {
> ? ? group = vmail
> ? ? mode = 0666
> ? ? user = vmail
> ? }
> ? user = dovecot
> }
> service lmtp {
> ? unix_listener lmtp {
> ? ? mode = 0666
> ? }
> }
> service managesieve-login {
> ? inet_listener sieve {
> ? ? port = 4190
> ? }
> ? inet_listener sieve_deprecated {
> ? ? port = 2000
> ? }
> ? process_min_avail = 0
> ? service_count = 1
> ? vsz_limit = 64 M
> }
> ssl = no
> userdb {
> ? args = /etc/dovecot/dovecot-ldap.conf
> ? driver = ldap
> }
> protocol lmtp {
> ? mail_plugins = zlib quota acl sieve
> }
> protocol lda {
> ? auth_socket_path = /var/run/dovecot/auth-master
> ? deliver_log_format = msgid=%m: %$
> ? mail_plugins = zlib quota acl sieve
> ? postmaster_address = postmaster at onnet.ch <mailto:postmaster at
onnet.ch>
> }
> protocol imap {
> ? mail_plugins = zlib quota acl imap_quota imap_acl
> }
> protocol sieve {
> ? info_log_path = /var/log/sieve.log
> ? log_path = /var/log/sieve.log
> ? mail_max_userip_connections = 10
> ? managesieve_implementation_string = Dovecot Pigeonhole
> ? managesieve_logout_format = bytes=%i/%o
> ? managesieve_max_compile_errors = 5
> ? managesieve_max_line_length = 65536
> }
>
> Thanks in advance for your help

Sorry for that! I was offline during writing my answer to your mail and so it
left my outbox after the advice from Sami.

The solution works well when using passwd userdbs only. I didn?t get it running
in conjunction with ldap userdb. I tried to use an LDAP attribute and mapping it
to userdb_acl_globals_only and another try with acl_globals_only. Both
attributes were not considered by the lookup. Another try was to use a separate
passwd-userdb for this attribute only. When placing the passwd-userdb before the
ldap-userdb the ldap attributes are not considered. If the ldap-userdb is placed
before the passwd-userdb, the extra attribute is not considered. I think this is
a wanted behaviour.

Any ideas in conjunction with LDAP?
> On 7 Aug 2018, at 08:54, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
> 
> As Sami pointed out, I had wrong syntax:
> 
>> close, but few typos. userdb should be:
>> 
>> userdb {
>>   driver = passwd-file
>>   args = username_format=%Lu /etc/dovecot/share.passwd
>> }
>> 
>> Sami
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3696 bytes
Desc: not available
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20180807/6e9b3984/attachment-0001.p7s>