I would just add to this that simply putting a dovecot-acl file in a
shared folder with "user=<username> <permissions>" does work just fine
for us (without the complicated setup described below). Our problem is
that group-based restrictions don't work at all (i.e. "group=<groupname>
<permissions>", as described in the manual).
I'm also trying to figure out what the force-group ACL identifier is
supposed to mean.
.... I gotta stop hitting "reply" for this list. I keep accidentally
sending messages to the original authors rather than to the mailing list :)
Jim Horner wrote:
In courier-imap, we were able to take advantage of the maildir structure
and standard unix users/groups to allow 'decsstaff' members to have full
write access while 'decsall' members only have r/o unless also a member of
'decsstaff':
-rw-rw-r-- 1 postlocal decsstaff 37597 May 5 23:37 /egr/mail/shared/decs/.support.In/cur/1178422658.M533373P54269.ice
drwxrwxr-x 2 postlocal decsstaff 24576 May 5 23:37 /egr/mail/shared/decs/.support.In/cur
drwxrws--- 6 postlocal decsall 4096 Apr 22 18:08 /egr/mail/shared/decs/.support.In
drwxrwsr-x 34 postlocal wheel 4096 May 1 07:23 /egr/mail/shared/decs
location: maildir:/egr/mail/shared-dovecot2/vprgs:CONTROL=%h/Maildir/dovecot/public/control/vprgs:INDEX=%h/Maildir/dovecot/public/indexes/vprgs
namespace:
  type: private
  separator: /
  prefix: mail/
  hidden: yes
plugin:
  acl: vfile:/usr/local/etc/dovecot-acls
I use shared folders. I posted a while back about my setup. There have been a
few changelogs since then concerning ACLs. My setup might be whacked but it
still continues to work. The simplest example I have is root mail.
I have mail folders
drwxrwx--- 4 rootmail users /home/services/mail/rootmail/Maildir
drwxrwx--- 4 rootmail users ../.RootmailFolder
drwxrwx--- 4 rootmail users ../.RootmailFolder.general
To get around the ACL plugin's downside of being unaware of namespaces I create
a "RootmailFolder" underneath Maildir. No one else probably (hopefully) will
have a folder named that. If they did then the permissions in the ACL
plug-in directory would override "owner permissions". Were that to happen
then you could just put a dovecot-acl file in the user's directory to
compensate though this is a fuzzy part... this used to work but I haven't
needed to test it so I don't know if it does still.
I then created a general folder under that. I have a sieve script which pumps
all mail into the general folder. So this is rootmail's "inbox". I did this
as a workaround.
<might not be needed nor work anymore>
If you actually want a user 'rootmail' to use an imap client and log into
their mailbox then you would create a file
/home/services/mail/rootmail/Maildir/dovecot-acl
/home/services/mail/rootmail/Maildir/.RootmailFolder/dovecot-acl
/home/services/mail/rootmail/Maildir/.RootmailFolder.general/dovecot-acl
all the files contain:
user=rootmail lrwstie
</might not be needed nor work anymore>
To use the ACL plug-in, files must be created in this directory:
plugin:
  acl: vfile:/usr/local/etc/dovecot-acls
so I have (using your path) files:
/usr/local/etc/dovecot-acls/RootmailFolder
/usr/local/etc/dovecot-acls/RootmailFolder.general
These files contain
user=jhorner lrwstie
My namespace is set up as:
namespace public {
  separator = .
  prefix = ROOTMAIL.
  location = maildir:/home/services/mail/rootmail/Maildir:CONTROL=%h/shared-settings/rootmail/control:INDEX=%h/shared-settings/rootmail/index
  hidden = no
  inbox = no
}
Everyone can see the namespace but no one but me can access the namespace
because RootmailFolder is only accessible by me. Those who do try to access a
forbidden folder get a curt techie error. However, most clients do not show
the namespace because there aren't any folders underneath the namespace that
are accessible so this is not a problem for me.
I also have a COMPANY share set up similarly. However there are many many
folders underneath this share and different people can access different
folders and I accomplish that using the ACL plug-in similar to above.
I used to use Courier and I was able to duplicate shared folders via the ACL
plug-in though the folders are now one level deeper, i.e.
ROOTMAIL/RootmailFolders/general as opposed to ROOTMAIL/general
(namespace/foldername). Some users did complain. Oh well... most are still
breathing.
Jim
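Added example, not part of the original thread and not Dovecot's own code: a small lint for the "<identifier> <rights>" lines that the messages above put in dovecot-acl files and in the global ACL directory. It reports who holds each right and flags lines it cannot interpret. The sample input is constructed, the function names are hypothetical, and the right-letter meanings and the list of bare identifiers are taken from Dovecot's ACL documentation rather than from this thread; only the plain letter form of rights shown in the thread is handled.

```python
# Added example: lint the contents of one Dovecot vfile ACL file.
# Letter meanings follow Dovecot's ACL documentation (assumption, not from the thread).
RIGHTS = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}
KEYED = ("user", "group", "group-override")             # written as kind=name
BARE = ("owner", "authenticated", "anyone", "anonymous")  # written alone


def parse_acl(text):
    """Return (entries, problems) for the text of one ACL file."""
    entries, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        ident, _, letters = line.partition(" ")
        letters = letters.strip()
        kind, sep, name = ident.partition("=")
        ok = (kind in KEYED and name != "") if sep else ident in BARE
        unknown = sorted(set(letters) - set(RIGHTS))
        if not ok:
            problems.append((n, "unrecognised identifier: " + ident))
        elif not letters or unknown:
            problems.append((n, "bad rights: " + (letters or "<none>")))
        else:
            entries.append((ident, {RIGHTS[c] for c in letters}))
    return entries, problems


def holders(entries, right):
    """Identifiers that are granted the named right, sorted."""
    return sorted(ident for ident, rights in entries if right in rights)


# Constructed sample: lines 4 and 5 contain deliberate mistakes.
SAMPLE = """\
user=jhorner lrwstie
group=decsstaff lrwstie
group=decsall lr
usr=rootmail lrwstie
user=guest lrq
"""

if __name__ == "__main__":
    entries, problems = parse_acl(SAMPLE)
    for right in ("read", "write", "expunge"):
        print(right, "->", ", ".join(holders(entries, right)))
    for lineno, message in problems:
        print("line %d: %s" % (lineno, message))
```

A line that parses here still has to be honoured by the running server, so test the resulting access from an IMAP client as well.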