
I'm running an Ubuntu mail server with Dovecot 2.2.33 and am using system accounts:

```
passdb {
  driver = pam
}
```

I have about 100 mail users.

I would like to impose per-user storage quotas, but the Dovecot docs on per-user quota configuration say:

> The Passwd userdb doesn’t support extra fields. That’s why you can’t directly set users’ quota limits to passwd file. One possibility would be to write a script that reads quota limits from another file, merges them with passwd file and produces another passwd-file, which you could then use with Dovecot’s Passwd-file.

Does anyone have an example of such a script? I'm not clear from the docs how the password itself is handled, for example. Or is there some other workaround that wouldn't entail having to migrate to a virtual user setup to get per-user quotas?

TommyPeanuts
  • Ah OK. That sounds like an answer to my question. So can I replace my existing `userdb` stanza with something calling multiple dbs? I'm not clear how that's done, but [like this](https://pastebin.com/rCJUSi5e)? – TommyPeanuts Oct 31 '22 at 22:33
  • Never tried it myself, but looks close. However, still need to change the real lookup to `continue-ok` on success and the partial quota lookup to `continue` on success. You do not want a match for entries that *only* appear in the quota file, but not (or no longer) in the system password database, so the quota-lookup must not modify found state, that must come from the main passwd lookup. – anx Nov 01 '22 at 05:47

1 Answer

I think the easiest way to merge your user list with your quota configuration is to chain multiple user databases.

You want the original lookup to remember the result and continue, and the additional lookup to only continue. That will still get the found status (whether a user exists) from your original passwd file, but it will continue to check additional userdb lookups, the results of which are merged.

```
userdb {
  driver = passwd
  result_success = continue-ok
  # result_failure = continue
  result_internalfail = return-fail
}
userdb {
  driver = passwd-file
  args = /etc/dovecot/quotas
  result_success = continue
  # result_failure = continue
  result_internalfail = return-fail
}

# where /etc/dovecot/quotas is a passwd-style file
#  only associate usernames and userdb options via the added column (*seven* colons):
user1:::::::userdb_quota_rule=*:bytes=512M
user2:::::::userdb_quota_rule=*:bytes=256M
```

Be sure to add a reasonable default so that users created without customizing their quota through that file are also sensibly restricted.

anx
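A consistency check for the quota file described in the answer above, as an added example that is not part of the original answer or of Dovecot. It flags lines that would not apply a quota (wrong colon count, missing `userdb_quota_rule`), entries for accounts that no longer exist, and accounts that rely on the default; the function names, the sample data and the uid range are assumptions.

```python
import pwd

def parse_quota_file(text):
    """Return ({user: quota_rule}, [line numbers that would not apply a quota])."""
    rules, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # The rule itself contains ':' ("*:bytes=512M"), so split at most 7 times;
        # everything after the seventh colon is the extra-fields column.
        parts = line.split(":", 7)
        extra = parts[7].split() if len(parts) == 8 else []
        rule = [f for f in extra if f.startswith("userdb_quota_rule=")]
        # Assumption of this check: as in the answer's layout, the six columns
        # between the username and the extra fields are left empty.
        if not parts[0] or any(parts[1:7]) or len(rule) != 1:
            malformed.append(lineno)
            continue
        rules[parts[0]] = rule[0].split("=", 1)[1]
    return rules, malformed

def audit(text, system_users):
    """Compare the quota file against the accounts the passwd userdb knows."""
    rules, malformed = parse_quota_file(text)
    return {
        "stale": sorted(set(rules) - set(system_users)),     # removed accounts
        "no_quota": sorted(set(system_users) - set(rules)),  # fall back to default
        "malformed": malformed,
    }

# Constructed sample: line 4 names a deleted account, line 5 has six colons.
SAMPLE = """\
# constructed sample
user1:::::::userdb_quota_rule=*:bytes=512M
user2:::::::userdb_quota_rule=*:bytes=256M
olduser:::::::userdb_quota_rule=*:bytes=1G
user3::::::userdb_quota_rule=*:bytes=1G
"""

if __name__ == "__main__":
    # Assumption: mail users are the accounts with uid 1000..59999.
    users = [p.pw_name for p in pwd.getpwall() if 1000 <= p.pw_uid < 60000]
    with open("/etc/dovecot/quotas") as fh:
        print(audit(fh.read(), users))
```

On the sample, `user3` shows up both as a malformed line and under `no_quota`, which is the case where a typo silently leaves a user on the default limit.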