Allow setting ACL_ANYONE in the configuration
parent
d627934bd9
commit
4755bb323b
|
@ -20,6 +20,7 @@ data/conf/rspamd/override.d/*
|
|||
data/conf/nginx/*.conf
|
||||
data/conf/nginx/*.custom
|
||||
data/conf/nginx/*.bak
|
||||
data/conf/dovecot/acl_anyone
|
||||
data/conf/dovecot/extra.conf
|
||||
data/conf/rspamd/custom/*
|
||||
data/conf/portainer/
|
||||
|
|
|
@ -85,6 +85,7 @@ map {
|
|||
}
|
||||
EOF
|
||||
|
||||
echo -n ${ACL_ANYONE} > /usr/local/etc/dovecot/acl_anyone
|
||||
|
||||
# Create userdb dict for Dovecot
|
||||
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf
|
||||
|
|
|
@ -204,9 +204,17 @@ sed -i \
|
|||
/usr/lib/GNUstep/SOGo/WebServerResources/js/Common/Common.app.js \
|
||||
/usr/lib/GNUstep/SOGo/WebServerResources/js/Common.js
|
||||
|
||||
# Patch ACLs (comment this out to enable any or authenticated targets for ACL)
|
||||
if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
|
||||
patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
|
||||
# Patch ACLs
|
||||
if [[ ${ACL_ANYONE} == 'allow' ]]; then
|
||||
#enable any or authenticated targets for ACL
|
||||
if patch -R -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
|
||||
patch -R /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
|
||||
fi
|
||||
else
|
||||
#disable any or authenticated targets for ACL
|
||||
if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
|
||||
patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
|
||||
fi
|
||||
fi
|
||||
|
||||
exec gosu sogo /usr/sbin/sogod
|
||||
|
|
|
@ -275,7 +275,7 @@ protocol sieve {
|
|||
}
|
||||
plugin {
|
||||
# Allow "any" or "authenticated" to be used in ACLs
|
||||
#acl_anyone = allow
|
||||
acl_anyone = </usr/local/etc/dovecot/acl_anyone
|
||||
acl_shared_dict = file:/var/vmail/shared-mailboxes.db
|
||||
acl = vfile
|
||||
quota = dict:Userquota::proxy::sqlquota
|
||||
|
|
|
@ -147,6 +147,7 @@ services:
|
|||
- TZ=${TZ}
|
||||
- LOG_LINES=${LOG_LINES:-9999}
|
||||
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
|
||||
- ACL_ANYONE=${ACL_ANYONE:-disallow}
|
||||
volumes:
|
||||
- ./data/conf/sogo/:/etc/sogo/
|
||||
- ./data/web/inc/init_db.inc.php:/init_db.inc.php
|
||||
|
@ -183,6 +184,7 @@ services:
|
|||
- DBPASS=${DBPASS}
|
||||
- TZ=${TZ}
|
||||
- MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-1440}
|
||||
- ACL_ANYONE=${ACL_ANYONE:-disallow}
|
||||
ports:
|
||||
- "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
|
||||
- "${IMAP_PORT:-143}:143"
|
||||
|
|
14
update.sh
14
update.sh
|
@ -121,6 +121,7 @@ CONFIG_ARRAY=(
|
|||
"API_KEY"
|
||||
"API_ALLOW_FROM"
|
||||
"MAILDIR_GC_TIME"
|
||||
"ACL_ANYONE"
|
||||
)
|
||||
|
||||
sed -i '$a\' mailcow.conf
|
||||
|
@ -202,6 +203,19 @@ for option in ${CONFIG_ARRAY[@]}; do
|
|||
echo '# Check interval is hourly' >> mailcow.conf
|
||||
echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
|
||||
fi
|
||||
elif [[ ${option} == "ACL_ANYONE" ]]; then
|
||||
if ! grep -q ${option} mailcow.conf; then
|
||||
echo "Adding new option \"${option}\" to mailcow.conf"
|
||||
echo '# Set this to allow to enable the anyone pseudo user. Disabled by default.
|
||||
' >> mailcow.conf
|
||||
echo '# When enabled, ACL can be created, that apply to "All authenticated users"
|
||||
' >> mailcow.conf
|
||||
echo '# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
|
||||
' >> mailcow.conf
|
||||
echo '# Otherwise a user might share data with too many other users.
|
||||
' >> mailcow.conf
|
||||
echo 'ACL_ANYONE=disallow' >> mailcow.conf
|
||||
fi
|
||||
elif ! grep -q ${option} mailcow.conf; then
|
||||
echo "Adding new option \"${option}\" to mailcow.conf"
|
||||
echo "${option}=n" >> mailcow.conf
|
||||
|
|
Loading…
Reference in New Issue