richandrews

Registered
Sep 27, 2022
3
1
3
Cambridgeshire, UK
cPanel Access Level
Root Administrator
I have a rather unique requirement to allow shared access to a dovecot folder over two accounts. Normally I'd set this up by adding both cpanel users to a single group and making the folder owned by that group, but after a lot of headscratching I finally figured out that dovecot is doing it's own permission checks (rather than offloading to the OS) and that I need the userdb (cpsrvd) to return the "system_user" field in response to the user check from dovecot.

The question is - how?

Or is there another way to allow the folder of one users mailbox to be accessed by another user?

FWIW there is a relationship between the accounts of the two users, but for various policy reasons they need to have their own user accounts even though one user should be able to see the folder of the other users mailbox.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
Hey there! This, and similar questions, come up a lot, and the answer is always that there isn't a secure way to perform this type of work on a cPanel server. Any type of sharing across accounts isn't something we intend to happen.
 

richandrews

Registered
Sep 27, 2022
3
1
3
Cambridgeshire, UK
cPanel Access Level
Root Administrator
Thanks for the response - obviously it is a feature that could be abused, but even if the dict service is setting system_user the default configuration wouldn't decrease security at all because (as far as I know) groups are not used by cpanel at all. It would take an administrator to actively create new groups and assign users to them. And to be honest, if an admin is doing that, they should already be aware of the implications of doing so...

Please correct me if I'm wrong?
 

richandrews

Registered
Sep 27, 2022
3
1
3
Cambridgeshire, UK
cPanel Access Level
Root Administrator
For anyone else interested in a solution (not sure anyone would, but there we go...) my intended solution is to create a post login dovecot script to allow group access to the specific user that needs to access the folder in a different account.
 
  • Like
Reactions: cPRex