Hi,
I use pam_ldap.so to use LDAP to authenticate my users. I don't use
virtual accounts, but every account is a unix account.
I use a post login script to export the `ACL_GROUPS` variable to hold
all unix groups the user belongs to.
Each group corresponds to a shared mailbox, where UNIX group permissions
handle which user gets access to the mailbox.
Recently I added ACL files to the shared mailboxes that look like:
`group=some_group kxeilprwts`
The permissions of the user mailboxes are generally 0700 and 0770 for
shared mailboxes.
The namespace of the shared mailboxes looks something like:
`type=shared, prefix=Shared/%%u/ location=
maildir:/somewhere/'%%d/%%n/Maildir:INDEX=/srv/mails/%d/%n/Maildir/shared/%%u`
Everything works fine, except my log gets flooded with messages saying:
`open(/path/to/shared/mailbox) failed: Permission denied` and
`opendir(/path/to/shared) failed: Permission denied, missing +x perm,
we're not in group`. The user should also not be in the group.
This is also reproducible when I do `doveadm mailbox list -u
some_unix_user`, where dovecot tries to list all of the mailboxes, even
though the user does not have permissions to do so.
Referenced here:
https://doc.dovecot.org/main/core/config/shared_mailboxes.html it says
"Dovecot assumes that it can access the other users' mailboxes".
So should I just ignore the messages/write a syslog filter for them?
How can I prevent dovecot from checking every shared mailbox, even
though they don't have access to it?
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org