I was testing shared mailboxes a bit a while ago, and this is buggily coded. I can't remember exactly what was wrong, but the implementation is not according to strict Unix permissions as one would expect. I think I noticed in the shared environment that files are changing ownership instead of just being modified, which obviously is not a common practice.

> Hi,
>
> I use pam_ldap.so to use LDAP to authenticate my users. I don't use
> virtual accounts, but every account is a unix account.
>
> I use a post login script to export the `ACL_GROUPS` variable to hold
> all unix groups the user belongs to.
> Each group corresponds to a shared mailbox, where UNIX group permissions
> handle which user gets access to the mailbox.
>
> Recently I added acl files to the shared mailboxes that look like:
>
> `group=some_group kxeilprwts`
>
> The permissions of the user mailboxes are generally 0700 and 0770 for
> shared mailboxes.
>
> The namespace of the shared mailboxes looks something like:
>
> `type=shared, prefix=Shared/%%u/ location=maildir:/somewhere/'%%d/%%n/Maildir:INDEX=/srv/mails/%d/%n/Maildir/shared/%%u`
>
> Everything works fine, except my log gets flooded with messages saying:
>
> `open(/path/to/shared/mailbox) failed: Permission denied` and
> `opendir(/path/to/shared) failed: Permission denied, missing +x perm,
> we're not in group`. The user should also not be in the group.
>
> This is also reproducible when I do `doveadm mailbox list -u
> some_unix_user`, where dovecot tries to list all of the mailboxes, even
> though the user does not have permissions to do so.
>
> Referenced here:
> https://doc.dovecot.org/main/core/config/shared_mailboxes.html it says
> "Dovecot assumes that it can access the other users' mailboxes".
>
> So should I just ignore the messages/write a syslog filter for them?
> How can I prevent dovecot from checking every shared mailbox, even
> though they don't have access to it?

_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
