[Dovecot] ACLs and public folders

hyperbatus at gmx.de
Wed Mar 31 13:39:24 EEST 2010


Dear list,

I am using dovecot 1.0.15 on Debian Lenny. I have a public folder, I use ACL / vfile (without public ACL), and I use maildir / vmail. Now I have two questions:

1) http://wiki.dovecot.org/ACL states: "Mailboxes in public namespaces don't have owners, so by default no-one can access them." The same document, when explaining the meaning of the k flag in the ACLs, states: "Mailboxes can be created (or renamed) under this mailbox (there is no recursion, so creating a mailbox under this mailbox's child uses only the child's ACLs)"

I have placed an ACL (dovecot-ACL) at the root of the public namespace (all rights to anyone). The public namespace was appearing correctly in my IMAP client.

Then I have copied a large folder with hundreds of nested subfolders (nesting level > 3) from another account to the root of the public namespace.

According to the documentation mentioned above, this should not have been possible (if I got the docs right): The first nesting level of folders should have been created, but not the messages in them and for sure not the deeper nested folders. There is no dovecot-acl within any of the first-level folders (I have verified this), so no one should have access to them. Nevertheless, in addition to the successful copy, I can see every folder and every message in my IMAP client, I can delete and so on.

Could someone please explain if I got the docs wrong?

2) If there really is no ACL recursion, how are we supposed to copy large folder structures (perhaps thousands of folders, nested to 5 levels deep) to a public namespace? Do we need to create all folders by hand, then place the dovecot-acl in each folder, and then copy the messages to each folder by hand? Do we need to switch to global ACLs so that we can establish a master user for doing the act of filling the public space? Or is there a dovecot module which, immediately after creating a folder, looks into the parent folder of the new folder and copies the dovecot-acl from the parent folder to the new folder?

Currently, I am very happy that dovecot didn't do what it should do according to my understanding of the documentation (since I really needed to copy this folder structure to the public namespace), but on the other hand, I am a bit puzzled now, not knowing if the documentation is wrong, my understanding of it is wrong or the source code is wrong :-)

Thank you very much for any help,

Peter

Here is the output of dovecot -n:

# 1.0.15: /etc/dovecot/dovecot.conf
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot.log
info_log_path: /var/log/dovecot-info.log
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imaps
listen: 192.168.20.23
ssl_cert_file: /etc/dovecot/imap-ssl.home.omeganet.de.crt
ssl_key_file: /etc/dovecot/imap-ssl.home.omeganet.de.key
ssl_parameters_regenerate: 24
ssl_cipher_list: ALL:!LOW
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
login_processes_count: 1
login_max_processes_count: 32
max_mail_processes: 32
mail_privileged_group: mail
mail_location: maildir:~/Maildir
mail_cache_fields:
mail_never_cache_fields:
mail_plugins: acl
namespace:
  type: private
  inbox: yes
namespace:
  type: public
  prefix: Archive.
  location: maildir:/home/vmail/archive:INDEX=~/Maildir/archive
auth default:
  cache_size: 1
  cache_ttl: 600
  worker_max_count: 4
  passdb:
    driver: passwd-file
    args: /etc/dovecot/passdb
  userdb:
    driver: static
    args: uid=vmail gid=vmail home=/home/vmail/%u
  socket:
    type: listen
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: root
plugin:
  acl: vfile
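
The per-folder check described in the post (which mailboxes have no dovecot-acl, and which grant rights to "anyone") can be scripted. This is an added example, not part of the original post and not Dovecot's own tooling; it assumes a Maildir++ layout where every mailbox is a dot-prefixed directory directly under the namespace root (for instance the /home/vmail/archive location above) and the vfile ACL file is named dovecot-acl. The function name audit_acl and the sample tree are hypothetical.

```shell
#!/bin/sh
# Added example: audit per-mailbox ACL files in a Maildir++ tree.
# Assumption: each mailbox is a ".Name.Sub" directory directly under ROOT and
# the vfile backend keeps its ACL in a file named "dovecot-acl" inside it.

# audit_acl ROOT  -- prints one line per mailbox:
#   MISSING <mailbox>            no dovecot-acl file in the mailbox directory
#   ANYONE <mailbox> <rights>    an "anyone" entry exists (rights as written)
#   OK <mailbox>                 ACL file present, no "anyone" entry
audit_acl() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    for dir in "$root" "$root"/.[!.]*; do
        [ -d "$dir" ] || continue          # also skips an unmatched glob
        if [ "$dir" = "$root" ]; then
            name="(root)"
        else
            name=${dir##*/.}               # strip path and the leading dot
        fi
        acl="$dir/dovecot-acl"
        if [ ! -f "$acl" ]; then
            printf 'MISSING %s\n' "$name"
            continue
        fi
        # First "anyone" line wins; the rights field is reported verbatim.
        rights=$(awk '$1 == "anyone" { print $2; exit }' "$acl")
        if [ -n "$rights" ]; then
            printf 'ANYONE %s %s\n' "$name" "$rights"
        else
            printf 'OK %s\n' "$name"
        fi
    done
}

# "demo" builds a constructed sample tree (not real data) and audits it;
# any other argument is treated as the namespace root to audit.
if [ "${1:-}" = "demo" ]; then
    t=$(mktemp -d)
    mkdir -p "$t/cur" "$t/.Projects/cur" "$t/.Projects.2009/cur"
    printf 'anyone lrwstipekxa\n' > "$t/dovecot-acl"   # constructed ACL line
    audit_acl "$t"
    rm -rf "$t"
elif [ $# -gt 0 ]; then
    audit_acl "$1"
fi
```

A MISSING line only shows that the folder has no ACL file of its own; whether the server then denies access or falls back to some other rule is the behaviour the post is asking about.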


