> On 06/02/2025 13:16 EET dovecot--- via dovecot <dovecot@dovecot.org> wrote:
> 
>  
> > From: Aki Tuomi <aki.tu...@open-xchange.com>
> > Sent: Thursday, 6 February 2025 11:49
> > To: dove...@iotti.biz; dovecot--- via dovecot <dovecot@dovecot.org>
> > Subject: Re: Preventing message deletion
> > 
> > 
> > > On 06/02/2025 12:39 EET dovecot--- via dovecot <dovecot@dovecot.org>
> > wrote:
> > >
> > >
> > > Hi all
> > >
> > > How may I disable message deletions via IMAP for some or all of my users?
> > > I read on the net that a possible solution would be to use the ACL
> > > IMAP plugin. But the examples I found were not so clear to me. We do
> > > not use shared mailboxes or namespaces. Only simple virtual users,
> > > each with its own private mailbox.
> > > I would like to use the global acl file both for administration
> > > simplicity and because as I understood, global acl entries take
> > > preference over any user setting.
> > >
> > > In the ACL page example there is a line:
> > > * user=foo lrw
> > >
> > > But in the comment it tells that doing so, every user's mailbox would
> > > be shared with the foo user, with the lrw permissions. Which is not
> > > what I would want. I don't need to share anything, just to restrict
> > > what the user, foo here, can do on his mailbox.
> > >
> > > Thank you,
> > > Luigi
> > 
> > Hi!
> > 
> > Folder sharing won't actually happen unless you have a shared namespace.
> > 
> > And you can also use `owner` which refers to the mailbox owner, so
> > 
> > * owner -te
> > 
> > which will mean that the owner is not allowed to expunge or write \deleted
> > flag.
> 
> Thank you Aki for the clarification.
> 
> At least in this rather old dovecot-2.2.36 from CentOS 7 (I know, it needs 
> updating but I have to do what says the one who pays:) using the negative 
> "-te" form did not work. I found in my logs:
> dovecot: imap(t...@domain.com): Error: Global ACL file 
> /etc/dovecot/global-acls line 1: Unknown ACL '-'
> and mailbox access was prevented for all users.
> 
> I used the form 
> * user=t...@domain.com lrwsipk
> 
> And it seems to work now.
> 
> Thank you again.
> 

I would use

* owner lrwsipk

unless it's exactly that one user you want to affect?

Aki
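
An added example, not part of the thread and not Dovecot code: a pre-deployment check for a global ACL file in the `<mailbox pattern> <identifier> <rights>` form quoted above. It flags rights strings the parser would reject (the `-te` line that locked out all users on 2.2.36) and entries that still grant `t` or `e`. The function name, the sample lines and the address in them are constructed, and the rights-letter table is taken from the Dovecot ACL documentation.

```python
# Dovecot ACL right letters, as listed in the Dovecot ACL documentation.
RIGHTS = {"l": "lookup", "r": "read", "w": "write", "s": "write-seen",
          "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
          "k": "create", "x": "delete", "a": "admin"}
# The two rights the thread wants withheld: setting \Deleted and expunging.
DELETE_RIGHTS = {"t", "e"}

# Constructed sample file (hypothetical user address).
SAMPLE = """\
* owner -te
* owner lrwsipk
* user=alice@example.com lrwstipek
"""

def check_global_acl(text):
    """Return (errors, warnings) for the three-field form used in the thread.

    errors:   lines a letter-only rights parser would reject
    warnings: lines that still let the identifier delete messages
    """
    errors, warnings = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue  # blank line
        if len(fields) != 3:
            errors.append(f"line {n}: expected 3 fields, got {len(fields)}")
            continue
        pattern, ident, rights = fields
        unknown = sorted(set(rights) - set(RIGHTS))
        if unknown:
            # e.g. '-te': 2.2.36 logged "Unknown ACL '-'" for this form
            errors.append(f"line {n}: unknown right(s) {unknown} in {rights!r}")
            continue
        granted = sorted(DELETE_RIGHTS & set(rights))
        if granted:
            warnings.append(
                f"line {n}: {ident} on {pattern} may delete via {granted}")
    return errors, warnings

if __name__ == "__main__":
    errs, warns = check_global_acl(SAMPLE)
    for msg in errs + warns:
        print(msg)
```
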
