[Dovecot] Shared mailboxes basics

Thomas Hummel hummel at pasteur.fr
Mon Mar 22 12:05:11 EET 2010

On Mon, Mar 22, 2010 at 10:25:45AM +0100, Steffen Kaiser wrote:

> My idea was to put everybody sharing folders and everybody, who may access 
> shared folders, into the same group "doveshared", then leverage the 
> Unix permissions, that this group may access the folders. So I do not need 
> to use 0777 everywhere.

So basically, you get to the "single UID virtual users" solution but with GID,
right ?

Do you mean your maildirs are all in 0770 <user> doveshared ? But it still
gives too much permission in general...Especially if your users can access
their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that ?

> Do you use 0777 Unix perm on all Maildir's and mail folders? Is it working 
> reliable, when mails are dropped with Deliver and APPEND, and when the 
> MUA creates new (sub-)folders?

Well, it was still a theorical question. I haven't really tried anything yet.
Also, I'm not using deliver (I know I should) but procmail.

But since for me mail_location is not accessible for users by anything else
than IMAP, loose permissions may not be such a critical issue...

Besides, I was thinking of creating as many groups (similar in purpose to your
doveshared one) as needs to share a mailbox, if and only if I could somehow
restrict (politically I mean) the use of shared mailboxes to "privileged" users
(for instance a unit chief and his assistant, ...). Not really scalable I'm
afraid though....

Thomas Hummel 	    | Institut Pasteur
<hummel at pasteur.fr> | Pôle informatique - systèmes et réseau

More information about the dovecot mailing list