[Dovecot] Shared folder hierarchies, multiple groups
Benjamin R. Haskell
dovecot at benizi.com
Thu Aug 2 17:12:41 EEST 2007
Hi,

I'm trying to set up two shared folder hierarchies on my Dovecot
installation for two groups of employees, all of whom should only have
access to their own hierarchy. Any employee should be able to create
sub-folders and generally have full access to the hierarchy.

My initial setup was to create two public namespaces, Shared-One and
Shared-Two. Each is a Maildir under /var/mail.

The actual shared folders seem to be working fine in terms of adding and
accessing folders and messages, and there are no problems at all for the
'admin' user, who belongs to both the shared1 and shared2 Unix groups.

The problem is for other users, where trying to (IMAP-) LIST folders
fails.

(sanitized) IMAP session log: ('user2' is in group shared2)

    * OK Dovecot ready.
    A LOGIN user2 pass
    A OK Logged in.
    B LIST "" "%"
    * LIST (\Noselect \HasChildren) "/" "Shared-One"
    B NO Internal error occurred. Refer to server log for more information. [2007-08-02 09:01:23]

In the mail logs I find:

    dovecot: IMAP(user2): stat(/var/mail/Shared-One/cur) failed: Permission denied

Relevant permissions:

    2770/drwxrws--- shared1 shared1 /var/mail/Shared-One
    2770/drwxrws--- shared1 shared1 /var/mail/Shared-One/cur
    0660/-rw-rw---- shared1 shared1 /var/mail/Shared-One/dovecot-shared

And similarly for Shared-Two. (replace shared1 with shared2 everywhere)

Among other things, I've read:

    http://wiki.dovecot.org/SharedMailboxes
    http://wiki.dovecot.org/ACL
    http://wiki.dovecot.org/MainConfig
    http://wiki.dovecot.org/Namespaces

I don't want to use vfile ACLs (I think) because I want users to be
able to create subfolders at will, and I don't want to have to add a
dovecot-acl file per-folder. (Is there a way to set global defaults on a
global basis? [not per-folder]) I also think there would be a problem with
the hierarchies being similar. (e.g. both have a 'Projects' sub-folder,
but there's a pretty clear WARNING on the wiki about mailbox name
conflicts.)

I can't use symlinked Maildirs, because new subfolders get created under
~user/Maildir/. (Want them under /var/mail/Shared-X/)

I can't use hidden namespaces, because employees use Outlook (uggh), and
I couldn't figure out how to "find" the namespace when it was hidden.
(That seemed like the closest thing to a solution - it solved the LIST
problem.)

Ideally, Shared-Two wouldn't even be visible to members of Shared-One, and
vice versa. But, that's at least an acceptable "problem" I could live
with.

Any suggestions?

Thanks,
Ben
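
Added example, not part of the original message and not Dovecot code: a small model of the POSIX permission check behind the logged stat() failure, run over the permission listing quoted in the post. The function names are hypothetical, the Shared-Two lines are constructed from the post's "replace shared1 with shared2" remark, and ancestors not in the listing (/, /var, /var/mail) are assumed searchable.

```python
import posixpath
import stat

# Constructed input: the three Shared-One lines are from the post; the
# Shared-Two lines apply its "replace shared1 with shared2" rule.
LISTING = """\
2770/drwxrws--- shared1 shared1 /var/mail/Shared-One
2770/drwxrws--- shared1 shared1 /var/mail/Shared-One/cur
0660/-rw-rw---- shared1 shared1 /var/mail/Shared-One/dovecot-shared
2770/drwxrws--- shared2 shared2 /var/mail/Shared-Two
2770/drwxrws--- shared2 shared2 /var/mail/Shared-Two/cur
0660/-rw-rw---- shared2 shared2 /var/mail/Shared-Two/dovecot-shared
"""

def parse_listing(text):
    """Map path -> (mode, owner, group) from 'octal/symbolic owner group path' lines."""
    entries = {}
    for line in text.splitlines():
        modes, owner, group, path = line.split(None, 3)
        entries[path] = (int(modes.split("/")[0], 8), owner, group)
    return entries

def has_perm(entry, user, groups, other_bit):
    """POSIX picks exactly one class: owner, else group, else other (no fallthrough).
    Privileged (root) bypass is not modelled."""
    mode, owner, group = entry
    if user == owner:
        return bool(mode & (other_bit << 6))
    if group in groups:
        return bool(mode & (other_bit << 3))
    return bool(mode & other_bit)

def can_stat(entries, user, groups, target):
    """stat() needs search (x) permission on every ancestor directory of target.
    Returns (allowed, first ancestor that denies search or None)."""
    parent = posixpath.dirname(target)
    while parent not in ("/", ""):
        entry = entries.get(parent)  # unlisted ancestors: assumed searchable
        if entry and not has_perm(entry, user, groups, stat.S_IXOTH):
            return False, parent
        parent = posixpath.dirname(parent)
    return True, None

if __name__ == "__main__":
    entries = parse_listing(LISTING)
    # Group memberships as described in the post.
    members = {"admin": {"shared1", "shared2"}, "user2": {"shared2"}}
    for user, groups in members.items():
        for ns in ("Shared-One", "Shared-Two"):
            print(user, ns, can_stat(entries, user, groups, f"/var/mail/{ns}/cur"))
```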