Allow setting ACL_ANYONE in the configuration
parent
d627934bd9
commit
4755bb323b
|
@ -20,6 +20,7 @@ data/conf/rspamd/override.d/*
|
||||||
data/conf/nginx/*.conf
|
data/conf/nginx/*.conf
|
||||||
data/conf/nginx/*.custom
|
data/conf/nginx/*.custom
|
||||||
data/conf/nginx/*.bak
|
data/conf/nginx/*.bak
|
||||||
|
data/conf/dovecot/acl_anyone
|
||||||
data/conf/dovecot/extra.conf
|
data/conf/dovecot/extra.conf
|
||||||
data/conf/rspamd/custom/*
|
data/conf/rspamd/custom/*
|
||||||
data/conf/portainer/
|
data/conf/portainer/
|
||||||
|
|
|
@ -85,6 +85,7 @@ map {
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
echo -n ${ACL_ANYONE} > /usr/local/etc/dovecot/acl_anyone
|
||||||
|
|
||||||
# Create userdb dict for Dovecot
|
# Create userdb dict for Dovecot
|
||||||
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf
|
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf
|
||||||
|
|
|
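Review bot: The added `echo -n ${ACL_ANYONE} > /usr/local/etc/dovecot/acl_anyone` writes the environment value unquoted and unvalidated. An unset variable yields an empty file, and a value containing whitespace or glob characters is word-split or expanded before it is written. This file decides whether the `anyone`/`authenticated` ACL identifiers are accepted, so I would at minimum write it as `printf '%s' "${ACL_ANYONE:-disallow}" > /usr/local/etc/dovecot/acl_anyone`, and preferably collapse every value other than the exact string `allow` to `disallow`. The script starts and ends outside the hunk, so it cannot be confirmed from here that the file is written before Dovecot first parses its configuration.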
@ -204,9 +204,17 @@ sed -i \
|
||||||
/usr/lib/GNUstep/SOGo/WebServerResources/js/Common/Common.app.js \
|
/usr/lib/GNUstep/SOGo/WebServerResources/js/Common/Common.app.js \
|
||||||
/usr/lib/GNUstep/SOGo/WebServerResources/js/Common.js
|
/usr/lib/GNUstep/SOGo/WebServerResources/js/Common.js
|
||||||
|
|
||||||
# Patch ACLs (comment this out to enable any or authenticated targets for ACL)
|
# Patch ACLs
|
||||||
if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
|
if [[ ${ACL_ANYONE} == 'allow' ]]; then
|
||||||
|
#enable any or authenticated targets for ACL
|
||||||
|
if patch -R -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
|
||||||
|
patch -R /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
#disable any or authenticated targets for ACL
|
||||||
|
if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
|
||||||
patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
|
patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
exec gosu sogo /usr/sbin/sogod
|
exec gosu sogo /usr/sbin/sogod
|
||||||
|
|
|
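Review bot: In the new `else` (disallow) branch, a failed `patch --dry-run` is treated as "already patched" and nothing is logged. If a SOGo update changes `UIxAclEditor.wox` so that `/acl.diff` no longer applies, the ACL editor keeps offering the any/authenticated targets while the configuration says `disallow`. The same silent skip exists in the `allow` branch, where it only leaves the feature hidden. I would tell "already applied" apart from "does not apply" by testing the reverse direction and writing a warning to stderr when neither fits, as sketched below. The template patch presumably affects only what the web UI offers, so the Dovecot `acl_anyone` value remains the actual enforcement point and deserves a comment here saying so.

```shell
else
  # disable any or authenticated targets for ACL
  if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
    patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff
  elif ! patch -R -sf --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
    # Neither direction applies: the template no longer matches acl.diff.
    echo "WARNING: /acl.diff does not match UIxAclEditor.wox; ACL editor state may not reflect ACL_ANYONE" >&2
  fi
fi
# … unchanged: exec gosu sogo /usr/sbin/sogod …
```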
@ -275,7 +275,7 @@ protocol sieve {
|
||||||
}
|
}
|
||||||
plugin {
|
plugin {
|
||||||
# Allow "any" or "authenticated" to be used in ACLs
|
# Allow "any" or "authenticated" to be used in ACLs
|
||||||
#acl_anyone = allow
|
acl_anyone = </usr/local/etc/dovecot/acl_anyone
|
||||||
acl_shared_dict = file:/var/vmail/shared-mailboxes.db
|
acl_shared_dict = file:/var/vmail/shared-mailboxes.db
|
||||||
acl = vfile
|
acl = vfile
|
||||||
quota = dict:Userquota::proxy::sqlquota
|
quota = dict:Userquota::proxy::sqlquota
|
||||||
|
|
|
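Review bot: The comment above `acl_anyone = </usr/local/etc/dovecot/acl_anyone` still reads as if the line enables the feature unconditionally, but the value now comes from a file. I would replace it with something like `# "anyone"/"authenticated" ACL identifiers are accepted only if this file contains "allow"; the file is generated from ACL_ANYONE at container start`. As far as I know Dovecot treats any value other than `allow` as disabled, which is the safe direction, but a missing file would presumably be a configuration error, so the dependency is worth stating. The `plugin { … }` block continues outside the hunk.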
@ -147,6 +147,7 @@ services:
|
||||||
- TZ=${TZ}
|
- TZ=${TZ}
|
||||||
- LOG_LINES=${LOG_LINES:-9999}
|
- LOG_LINES=${LOG_LINES:-9999}
|
||||||
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
|
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
|
||||||
|
- ACL_ANYONE=${ACL_ANYONE:-disallow}
|
||||||
volumes:
|
volumes:
|
||||||
- ./data/conf/sogo/:/etc/sogo/
|
- ./data/conf/sogo/:/etc/sogo/
|
||||||
- ./data/web/inc/init_db.inc.php:/init_db.inc.php
|
- ./data/web/inc/init_db.inc.php:/init_db.inc.php
|
||||||
|
@ -183,6 +184,7 @@ services:
|
||||||
- DBPASS=${DBPASS}
|
- DBPASS=${DBPASS}
|
||||||
- TZ=${TZ}
|
- TZ=${TZ}
|
||||||
- MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-1440}
|
- MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-1440}
|
||||||
|
- ACL_ANYONE=${ACL_ANYONE:-disallow}
|
||||||
ports:
|
ports:
|
||||||
- "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
|
- "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
|
||||||
- "${IMAP_PORT:-143}:143"
|
- "${IMAP_PORT:-143}:143"
|
||||||
|
|
14
update.sh
14
update.sh
|
@ -121,6 +121,7 @@ CONFIG_ARRAY=(
|
||||||
"API_KEY"
|
"API_KEY"
|
||||||
"API_ALLOW_FROM"
|
"API_ALLOW_FROM"
|
||||||
"MAILDIR_GC_TIME"
|
"MAILDIR_GC_TIME"
|
||||||
|
"ACL_ANYONE"
|
||||||
)
|
)
|
||||||
|
|
||||||
sed -i '$a\' mailcow.conf
|
sed -i '$a\' mailcow.conf
|
||||||
|
@ -202,6 +203,19 @@ for option in ${CONFIG_ARRAY[@]}; do
|
||||||
echo '# Check interval is hourly' >> mailcow.conf
|
echo '# Check interval is hourly' >> mailcow.conf
|
||||||
echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
|
echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
|
||||||
fi
|
fi
|
||||||
|
elif [[ ${option} == "ACL_ANYONE" ]]; then
|
||||||
|
if ! grep -q ${option} mailcow.conf; then
|
||||||
|
echo "Adding new option \"${option}\" to mailcow.conf"
|
||||||
|
echo '# Set this to allow to enable the anyone pseudo user. Disabled by default.
|
||||||
|
' >> mailcow.conf
|
||||||
|
echo '# When enabled, ACL can be created, that apply to "All authenticated users"
|
||||||
|
' >> mailcow.conf
|
||||||
|
echo '# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
|
||||||
|
' >> mailcow.conf
|
||||||
|
echo '# Otherwise a user might share data with too many other users.
|
||||||
|
' >> mailcow.conf
|
||||||
|
echo 'ACL_ANYONE=disallow' >> mailcow.conf
|
||||||
|
fi
|
||||||
elif ! grep -q ${option} mailcow.conf; then
|
elif ! grep -q ${option} mailcow.conf; then
|
||||||
echo "Adding new option \"${option}\" to mailcow.conf"
|
echo "Adding new option \"${option}\" to mailcow.conf"
|
||||||
echo "${option}=n" >> mailcow.conf
|
echo "${option}=n" >> mailcow.conf
|
||||||
|
|
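Review bot: The new `ACL_ANYONE` branch copies the existing `grep -q ${option} mailcow.conf` check, which is unquoted and matches the name anywhere in the file, including inside a comment. Any line that merely mentions `ACL_ANYONE` then suppresses the migration, and the effective value comes only from the compose default; anchoring it as `grep -q "^${option}=" mailcow.conf` avoids that. Each help line is also written with a newline inside the quoted string (`echo '# …` / `' >> mailcow.conf`), which, if that reflects the source rather than the page rendering, inserts a blank line after every comment line. The text has a typo (`exclusivly`) and would read better as `# Set this to "allow" to enable the "anyone" pseudo user.`. The `for option in ${CONFIG_ARRAY[@]}` loop begins and ends outside the hunk.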