The shared mailbox and all its files and subdirectories are owned by the
'dovecot' user and by the 'domain users' group that all users belong to.
The ACL restrictions cause a reduction (i.e. more fine-grained
constraint) in privileges. In other words, at the system-file level,
everyone can read the directory/files, but at the ACL level, only
members of some particular list of groups should be able to read them.
And as I said, the user=<username> constraint seems to work fine, but
group=<groupname> does not. It looks like the group=<groupname>
constraint just never matches anyone. So I might have group=admins and
"joeblow" is in group admins, but Dovecot thinks that he isn't.

Adam McDougall wrote:
What are the directory and file permissions of your shared folder,
and do your <permissions> cause an increase or reduction of permissions
compared to the dir and file permissions, or some of both?

On Mon, May 07, 2007 at 02:47:40PM -0400, Matt Zukowski wrote:
I would just add to this that simply putting a dovecot-acl file in a
shared folder with "user=<username> <permissions>" does work just fine
for us (without the complicated setup described below). Our problem is
that group-based restrictions don't work at all (i.e. "group=<groupname>
<permissions>", as described in the manual).
I'm also trying to figure out what the force-group ACL identifier is
supposed to mean.
.... I gotta stop hitting "reply" for this list. I keep accidentally sending
messages to the original authors rather than to the mailing list :)