Hi,
recently i decided to use quota_over_flag with passwd_file userdb. The
main idea is to prevent dovecot (or vmail) user to have write access to
file with passwords.
To do it, i setup separate userdb as this (SQL userdb is SQLite based,
thus the same problem with write):
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
userdb {
args = username_format=%u /etc/dovecot/over_quota
default_fields = quota_over_flag=1
driver = passwd-file
result_internalfail = continue-fail
result_success = continue-fail
}
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
For testing i add one user into over_quota file:
slavko at slavino.eu:::::::
With this setting the doveadm user with user in over_quota seems to
work:
doveadm user slavko at slavino.eu
field value
uid 20000
gid 20000
home /srv/vmail/slavino.eu/slavko
mail maildir:~/Maildir
quota_over_flag 1
quota_rule *:storage=0M
quota2_rule *:storage=0M
But the user iteration shows duplicate users:
doveadm user '*'
slavko at slavino.eu
slavko at slavino.eu
...
As we discussed on IRC, it is how iteration works, as it emit users as
soon as it meet it, but this doesn't correspond with "multiple userdb
are merged" in docs (for iteration).
I am surprised by this mainly because the particular userdb has set
result_success to "continue-fail" and thus have to set user not found
as
with any user, which is not in this db. But it seems, that iteration
ignores this result.
I wrote this as we discussed via IRC, i am not subscribed, thus please
CC me.
regards
--
Slavko
http://slavino.sk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: Digit??lny podpis OpenPGP
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20210705/3e96bc28/attachment-0001.sig>