similar to: ACL group vs. owner question

I'm trying to set up global ACLs. I have the following in the config file: > # acl > mail_plugins = acl > > protocol imap { > mail_plugins = $mail_plugins imap_acl > } > > plugin { > # Without global ACLs: > #acl = vfile > > # With global ACL files in /etc/dovecot/dovecot-acls file (v2.2.11+): > #acl = vfile:/etc/dovecot/dovecot-acl > acl

Hello, We have upgraded from Dovecot 2.2.13 to 2.2.15 and we are using global ACL file. The content of the ACL file is as following: * owner r INBOX owner lrwstipekxa INBOX/* owner lrwstipekxa user owner rwstipekxa user/* owner rwstipekxa This worked fine but after update any user cannot see any folders from under the INBOX, also they cannot create any new folders. Error into the logs are

Hello, Thank you for your response. In answer to your questions I made a file global-acls containing: # cat global-acls Public/general user=user1 at domain.com lrwstipekxa Public/TestFolder user=user1 at domain.com lrwstipekxa Public/general user=user1 at domain2.com lrwstipekxa Public/TestFolder user=user1 at domain2.com lrwstipekxa Here's the ls -la output: #ls -la

Hi! What am I doing wrong here? Mission: Delete old empty sub mailboxes in our Public mailspace acl-file contents: MailingLists user=dag lrwstipekxa MailingLists/* user=dag lrwstipekxa Didn't work from my mail client so tried: Command tried: % doveadm mailbox delete -s MailingLists/Glibc -u dag doveadm(dag): Error: Can't delete mailbox MailingLists/Glibc: Permission

Hello, Thanks, yes the global-acls file is the one I'm refering to and I created it before all this started. Yes, the users can both login properly and can access there own inboxes. Thanks. Dave. On 4/26/20, Markus Winkler <ml at irmawi.de> wrote: > Hi Dave, > > thanks for the information. > > On 26.04.20 18:37, David Mehler wrote: >> In answer to your questions

Trying to get ACLs working, very basic setup: Virtual users are put into different acl_group via passdb. > u:{PLAIN}B::::::userdb_acl_groups=g The global acl file restricts what they can do. > * group-override=g > * group=g lr Shouldn't this mean, that the group rights override the user rights? The effect that I see though is, that the user "u" then may not do

How would I go, If I wanted ACL processing to start with %{auth_user} instead of %{user} when determining rights? -- peter

Hello! I'm sorry, but i don't really understand it the way it is written in the wiki, so i'm trying my luck here =) i followed the wiki for creating a master user (the non-sql-version) and i can login as another user via this master user. my dovecot version is 1.2.9 on an ubuntu server 10.4.3 lts. what i don't get is the acl-setting, so that the master-user can access all the

We have a solution using Dovecot as a secondary mail archive. All mailboxes are populated/groomed by master account and the actual users have only read access. This is achieved by a simple ACL approach. dovecot.conf has protocol imap { mail_plugins = acl quota imap_quota zlib } plugin { acl = vfile:/etc/dovecot/acls:cache_secs=300 } /etc/dovecot/acls/.DEFAULT file is trivial: user=master

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I've come across a problem that I can't figure out. I'm using Dovecot 1.2.6 and Sieve 0.1.13. I'm using the following sieve script to sort my incoming mail. require ["fileinto", "envelope"]; if envelope :all :is "from" "sopprde at newport.th.gov.bc.ca" { fileinto

I'm getting inconsistent behavior from my acl file. I have an acl vfile configured with this: > Jobs$* anyone lrwikst > $* user=bob.wooldridge at edm-inc.com lrwstipekxa > $* user=michael.user at edm-inc.com lrwstipekxa > Jobs$* user=bob.wooldridge at edm-inc.com lrwstipekxa > Jobs$* user=michael.user at edm-inc.com lrwstipekxa The Jobs folder is a public shared folder. I

diff to dovecot-2.2.31 hardcoded userdb_acl_groups /as currently not seeing any other fields that need similar way/ in ldap using dynlist - labeledURIObject - some attribute labeledURI :: ldap:///ou=DovecotGroups,dc=DOMAIN,dc=TLD,dc=root?specName?sub?(&(objectclass=posixgroup)(memberuid=XXXXX)) that returns groupnames for each user that he belongs, but as multiple values of same field ... must

still the same? root at buserver:/etc/dovecot# doveadm user test2 at onnet.ch field valueuserdb lookup: user test2 at onnet.ch doesn't exist relevant config output from doveconf -n userdb { args = /etc/dovecot/dovecot-ldap.conf driver = ldap result_success = continue-ok } userdb { args = username_format=%Lu /etc/dovecot/share.passwd driver = passwd-file result_failure =

HI Steffen. In folder /var/vmail/example.com/user_a i've a dovecot-acl file with " user=test at example.com lrwstipekxa " IN mysql table user_shares i set: +---------------------+------------------+-------+ | from_user | to_user | dummy | +---------------------+------------------+-------+ | user_a at example.com | test at example.com | 1 |

It seems after checking the code that global ACL file functionality was changed at 2.2.14 so that only 1 rule is used, not multiple rules. This is not documented or said anywhere into change logs. Br, Ova -----Original Message----- From: dovecot [mailto:dovecot-bounces at dovecot.org] On Behalf Of Ovidiu Moldovan Sent: 10. helmikuuta 2015 10:26 To: dovecot at dovecot.org Subject: Dovecot 2.2.15

Hi friends, I would like to remove write rights for a specific virtual user/email address. I've read the wiki "https://wiki2.dovecot.org/ACL" but there is nothing about it. So I started reading and rereading some old ML, like this: https://www.dovecot.org/list/dovecot/2006-June/013683.html where they talk about something like that but I would like to implement current

...I had under my eyes the solution I have not seen: * user=foo lrw Public user=bar lrwstipekxa Public/* user=bar lrwstipekxa I was enough (in my case) add the initial "*" wildcards, like this: * user=info at mydomain.com lrwsi where the "*" wildcards means all groups. I have verified and so the configuration is perfect, the user can not delete their own messages

Hi list, I have a question on auth caching in 2.2.18. I am using acl_groups for a master user, appended in a static userdb file # snip ############################### master at uma:{SHA}XXXX=::::::userdb_acl_groups=umareadmaster allow_nets=127.0.0.1 # snap ############################### and use this group in a global ACL file. I discovered this only works on first NOT-cached login

Hi Dave, thanks for the information. On 26.04.20 18:37, David Mehler wrote: > In answer to your questions I made a file global-acls containing: It's the '/usr/local/etc/dovecot/global-acls', right? > # cat global-acls > Public/general user=user1 at domain.com lrwstipekxa > Public/TestFolder user=user1 at domain.com lrwstipekxa > > Public/general user=user1 at

Using Dovecot 2.0, LDAP userdb & passdb, with prefetch: hosts = myhost.mydomain dn = cn=x,cn=y dnpass = xyz123 auth_bind = yes auth_bind_userdn = uid=%n,ou=users,dc=x ldap_version = 3 base = ou=Users, dc=x user_attrs = =home=/var/mail/%d/%n, \ =mail=mdbox:/var/mail/%d/%n/mdbox, \ =uid=vmail, \ =gid=mail user_filter = (&(objectClass=inetOrgPerson)(mail=%u)) pass_attrs =