[Dovecot] Dovecot, Shared Mailboxes (via symlink), and ACLs

Dave dave at momentumweb.com
Tue Oct 27 21:51:08 EET 2009


Hello!  I just joined the list and will be happy to help where I can in
my limited experience, but also come to the table with a question.  I
think there's something I'm missing regarding shared mailboxes and ACLs,
so I will describe my situation and see if I am understanding correctly
(running Dovecot 1.1.10).  I have read over the Dovecot Wiki many times
and have scoured many forums but still can't seem to find a solution.

I have an IMAP mailbox that is working fine (user imapuser), so the
maildir and related structure is in:  /home/imapuser/Maildir

I have another IMAP mailbox for another imap user, newuser1, also
working fine, with maildir and related structure in:  /home/newuser1/Maildir

I have created a symlink under newuser1's Maildir to imapuser's Maildir
so as to give newuser1 access to the things in imapuser's inbox.  I
have also symlinked inside the newuser1 Maildir to a folder under
imapuser's inbox, let's call it "MailingList", basically setting up
something like:

/home/newuser1/Maildir:
cur/
.imapuserinbox -> /home/imapuser/Maildir
.imapusermailinglist -> /home/imapuser/Maildir/MailingList
new/
tmp/
(... and various other Dovecot-related files, nothing ACL related.)

Now, I have gotten the shared boxes to work IF I changed the permissions
to be rwx for user and group on /home/imapuser/Maildir/*, but this makes
procmail (and .procmailrc) unhappy and it starts sending things to mbox
files (old system) instead of sending them on to the Maildir.  So that
doesn't seem to work.  Which led me to ACLs.  Now, I've tried (after
enabling the two appropriate lines in dovecot.conf and restarting
dovecot, etc) both per-directory ACL files and global ACLs, and while I
can get some things to *change* as viewed by my mail client, I can't
seem to create consistent behavior.  I know that's fairly vague, but
it's like I'll change something in the global ACL and folders are
affected that I wouldn't anticipate, based on what I'm understanding of
ACLs.

So, in the example above, if I enable global ACLs, what names do I use
to refer to those shared boxes I'm trying to access?  Do I use the link
name I made, .imapuserinbox or .imapusermailinglist (without leading
periods), like /etc/dovecot/acls/imapuserinbox, or is it based off of
the original dir name?  Like do I need something like
/etc/dovecot/acls/MailingList ?  What about the "inbox" I'm sharing in
/home/imapuser/Maildir, how do I reference that?  Is there a way to do
it without affecting or changing permissions of other IMAP users and
inboxes on the same system?

One thing I am receiving consistently in the error logs is:
mail dovecot: IMAP(newuser1):
stat(/home/newuser1/Maildir/.imapuserinbox/tmp) failed: Permission
denied (euid=152(newuser1) egid=100(usergroup) UNIX perms seem ok, ACL
problem?)

So it seems if I get the ACL stuff right, I will be in business.  Any
ideas??  Thanks for any help anyone can give!!
Dave
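
A way to see which directory on a symlinked Maildir path denies traversal to a given uid/gid, as an added example that is not part of the original post. It evaluates only classic UNIX mode bits (no POSIX ACLs, no Dovecot ACL files), and the function names and the temporary directory layout are constructed for illustration.

```python
import os
import stat
import tempfile

def can_search(st, uid, gids):
    """Classic UNIX mode-bit check for directory traversal (ignores root and POSIX ACLs)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def ancestors(directory):
    """Return '/', ..., directory in traversal order."""
    chain = [directory]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    return chain[::-1]

def denied_dirs(path, uid, gids):
    """List directories that stop (uid, gids) from reaching path, following symlinks."""
    denied, seen, prefix = [], set(), os.sep
    for part in os.path.abspath(path).strip(os.sep).split(os.sep):
        # Resolve each prefix so directories behind a symlink are examined too.
        for d in ancestors(os.path.realpath(prefix)):
            if d not in seen:
                seen.add(d)
                if not can_search(os.stat(d), uid, gids):
                    denied.append(d)
        prefix = os.path.join(prefix, part)
    return denied

def demo():
    """Constructed layout mirroring the post; run as the owner of the temporary tree."""
    root = os.path.realpath(tempfile.mkdtemp())
    shared = os.path.join(root, "imapuser", "Maildir")
    link = os.path.join(root, "newuser1", "Maildir", ".imapuserinbox")
    os.makedirs(os.path.join(shared, "tmp"))
    os.makedirs(os.path.dirname(link))
    os.symlink(shared, link)
    st = os.stat(shared)
    stranger, member = (st.st_uid + 1, [st.st_gid + 1]), (st.st_uid + 1, [st.st_gid])
    target = os.path.join(link, "tmp")
    os.chmod(shared, 0o700)  # owner-only: nobody else can reach tmp/
    owner_only = denied_dirs(target, *stranger)
    os.chmod(shared, 0o750)  # group search bit set: helps group members only
    return shared, owner_only, denied_dirs(target, *member), denied_dirs(target, *stranger)

if __name__ == "__main__":
    print(demo())
```

Against a real tree, call `denied_dirs()` as root with the euid and egid from the log line so that every component can be examined.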



