Hi,

I’m working with Dovecot 2.4.1 and the acl plugin.

I'm trying to get per-mailbox shared namespace+acl configured and working 
dynamically.

One owner (ow...@example.com) has a real Maildir folder "TEST_SHARE" at the top 
level

        cd /mail/path/example.com/owner/Maildir
        ls -1
                cur/
                dovecot-acl-list
                Drafts/
                Junk/
                new/
                Queue/
                Sent/
                shared/
                TEST_SHARE/   <------------------------
                tmp/
                Trash/

The goal is to share that TEST_SHARE/ folder with exactly one other user 
(u...@example.com), not globally or using the global shared/ namespace.

My current config includes

It looks like in acl config you can hardwire access for a specific mailbox.
Reading the 2.4 docs, using acl global file is deprecated and we're supposed to 
use acl config.

 namespace inbox {
  inbox = yes
  type = private
  prefix =
  separator = /

  hidden = no
  list = yes
  subscriptions = yes

  mailbox TEST_SHARE {
   acl owner {
    rights = lrwstipekxa
   }
   acl user=u...@example.com {
    rights = lrwstipekx
   }
  }
 }
 namespace shared {
  type=shared;
  prefix=shared/$domain/$username/
 }
 mail_plugin {
  acl = yes
 }
 acl_driver = vfile
 acl_sharing_map {
  dict file {
   path = /etc/dovecot/shared.db
  }
 }

With that config "user" can see and use "owner’s" TEST_SHARE folder in 
Thunderbird client.

But if "owner" changes the tree in their view, like creates a subfolder under 
TEST_SHARE in TBird, it does not appear for "user".

No dovecot-acl file or acl_sharing_map entry is auto-created for the new 
subfolder.

Reading the acl docs, I think that's because these ACLs are only STATIC configs 
that are merged with vfile ACLs at runtime?

It looks to me like there's no automatic ACL inheritance from the parent to 
child mailboxes.
And the acl.conf ACLs don't seem to cause dovecot-acl files or the 
acl_sharing_map db to be created or updated.

I think "IMAP SETACL" would be needed on the client side.  Reading 
https://support.mozilla.org/en-US/kb/imap-synchronization I can't figure out if 
Thunderbird does that or not.

Can Dovecot server-side be configured to automatically create or update those 
shared acls/maps?

I'm looking for any guidance how to do this, either in Thunderbird or Dovecot 
2.4.

So that any change to TEST_SHARE by either the owner or the authorized user is 
immediately pushed and sync'd between both owner and user.

Dave