[Dovecot] Problems with acl and shared namespace

Udo Lembke udo.lembke at albertbauer.com
Thu Jun 30 13:01:52 EEST 2011


Hi,
I'm a Dovecot newbie and also new to this mailing list.
I'm trying to configure a mail server with dovecot2, postfix and 
postfixadmin. At this time I'm struggling with ACLs and the shared namespace.

My goal is that every user gets an archive area on a separate storage 
without quota (quota isn't running yet).
With:
namespace {
    type = private
    separator = /
    prefix = "archiv/%u/"
    location = maildir:/var/data/archiv/%d/%n:INDEX=/var/data/indexes/archiv/%u:LAYOUT=fs
    inbox = no
    subscriptions = yes
    list = yes
}

I see the folders, but I can't subscribe to them (with Thunderbird or 
Roundcube). With Roundcube I can add a new folder below, so I use the trick
autocreate5                   = archiv/%u/archiv
autosubscribe5              = archiv/%u/archiv

This is OK as a workaround - or is this a "must be"?

But the user should also be able to share parts of the archiv mailbox 
with other users (partly in different domains).
If I change the type of the namespace to shared, I can't access the 
archiv folder.

The logfile shows problems with the ACL (but also with the private namespace):
Jun 30 11:15:11 imap(test at example.com): Debug: Namespace : type=shared, prefix=archiv/test at example.com/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=maildir:/var/data/archiv/example.com/test:INDEX=/var/data/indexes/archiv/test at example.com:LAYOUT=fs
Jun 30 11:15:11 imap(test at example.com): Debug: fs: root=/var/data/archiv/example.com/test, index=/var/data/indexes/archiv/test at example.com, control=, inbox=
Jun 30 11:15:11 imap(test at example.com): Debug: acl: initializing backend with data: vfile
Jun 30 11:15:11 imap(test at example.com): Debug: acl: acl username = test at example.com
Jun 30 11:15:11 imap(test at example.com): Debug: acl: owner = 0
Jun 30 11:15:11 imap(test at example.com): Debug: acl vfile: Global ACL directory: (none)
Jun 30 11:15:11 imap(test at example.com): Debug: Namespace : Using permissions from /var/data/mail/example.com/test: mode=0700 gid=-1
Jun 30 11:15:11 imap(test at example.com): Debug: acl vfile: file /var/data/archiv/example.com/test/dovecot-acl not found
Jun 30 11:15:11 imap(test at example.com): Debug: autocreate: Failed to create mailbox archiv: Permission denied
Jun 30 11:15:11 imap(test at example.com): Debug: Namespace archiv/test at example.com/: Using permissions from /var/data/archiv/example.com/test: mode=0700 gid=-1
Jun 30 11:15:11 imap(test at example.com): Debug: acl vfile: file /var/data/mail/example.com/test/dovecot-acl not found

I'm wondering about "...dovecot-acl not found", because Dovecot creates a 
file "dovecot-acl-list":
# ls -l /var/data/archiv/example.com/test/
drwx------ 5 dovecot dovecot 4096 30. Jun 10:30 archiv
-rw------- 1 dovecot dovecot    0 30. Jun 10:30 dovecot-acl-list

Must the ACL be initialized first? My first try also fails:
doveadm acl set -u test at example.com archiv/test at example.com/archiv test at example.com lrw
doveadm(test at example.com): Fatal: Invalid ID: test at example.com

It's not clear to me what kind of ID doveadm needs...

I use 2.0.13 for testing. I put my config at the end of the mail.

I'd be happy if someone could point me in the right direction and show me 
where I'm making the mistake.


Best regards

Udo



# 2.0.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.39-2.slh.1-aptosid-amd64 x86_64 Debian wheezy/sid
auth_debug = yes
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
auth_verbose_passwords = plain
first_valid_gid = 119
first_valid_uid = 110
info_log_path = /var/log/dovecot.log
last_valid_uid = 119
lda_mailbox_autocreate = yes
mail_debug = yes
mail_gid = 119
mail_plugins = acl autocreate quota
mail_uid = 110
mbox_very_dirty_syncs = yes
namespace {
   inbox = yes
   list = yes
   location = maildir:/var/data/mail/%d/%n:INDEX=/var/data/indexes/mail/%u:LAYOUT=fs
   prefix =
   separator = /
   subscriptions = yes
   type = private
}
namespace {
   inbox = no
   list = yes
   location = maildir:/var/data/archiv/%d/%n:INDEX=/var/data/indexes/archiv/%u:LAYOUT=fs
   prefix = archiv/%u/
   separator = /
   subscriptions = yes
   type = private
}
passdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
plugin {
   acl = vfile
   acl_shared_dict = file:/var/data/dovecot/shared-mailboxes
   autocreate = Trash
   autocreate2 = Spam
   autocreate3 = Drafts
   autocreate4 = Sent
   autocreate5 = archiv/%u/archiv
   autosubscribe = Trash
   autosubscribe2 = Spam
   autosubscribe3 = Drafts
   autosubscribe4 = Sent
   autosubscribe5 = archiv/%u/archiv
   quota = dict:User quota::proxy::quota
   quota_rule2 = Trash:storage=+55M
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
}
protocols = " imap lmtp pop3"
service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postdrop
     mode = 0660
     user = postfix
   }
   unix_listener auth-userdb {
     group = dovecot
     mode = 0660
     user = dovecot
   }
}
service dict {
   unix_listener dict {
     group = dovecot
     mode = 0660
     user = dovecot
   }
}
service imap-login {
   inet_listener imap {
     port = 143
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
   driver = prefetch
}
userdb {
   args = /etc/dovecot/dovecot-sql.conf.ext
   driver = sql
}
protocol lmtp {
   mail_plugins = acl autocreate quota
}
protocol lda {
   mail_plugins = acl autocreate quota
}
protocol imap {
   mail_plugins = acl autocreate quota acl imap_acl
}
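
Added example (not part of the original post and not Dovecot's own code): a small check of the identifier and rights arguments before they reach "doveadm acl set" or a vfile dovecot-acl file, relating to the "Invalid ID" error in the message above. It assumes the identifier forms and right names given in the Dovecot ACL documentation (owner, authenticated, anyone/anonymous, user=NAME, group=NAME, group-override=NAME; doveadm takes right names, the dovecot-acl file takes letters); other@example.org and all function names are constructed for the illustration.

```python
# Added example, not from the original post. Identifier forms and right names
# follow the Dovecot ACL documentation; function names here are hypothetical.
LETTER_TO_RIGHT = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}
RIGHT_TO_LETTER = {name: letter for letter, name in LETTER_TO_RIGHT.items()}
BARE_IDS = {"owner", "authenticated", "anyone", "anonymous"}
PREFIXED_IDS = ("user=", "group=", "group-override=")


def check_identifier(ident):
    """Return ident if it has a documented ACL identifier form, else raise ValueError."""
    if ident in BARE_IDS:
        return ident
    for prefix in PREFIXED_IDS:
        name = ident[len(prefix):]
        # This example rejects empty names and whitespace instead of escaping them.
        if ident.startswith(prefix) and name and not any(c.isspace() for c in name):
            return ident
    raise ValueError(f"invalid ACL identifier {ident!r}: expected owner, "
                     "authenticated, anyone, user=NAME, group=NAME or group-override=NAME")


def rights_to_names(rights):
    """Accept IMAP ACL letters ('lrw') or a list of right names; return unique names in order."""
    items = list(rights) if isinstance(rights, str) else rights
    names = []
    for item in items:
        name = LETTER_TO_RIGHT.get(item, item)
        if name not in RIGHT_TO_LETTER:
            raise ValueError(f"unknown ACL right {item!r}")
        if name not in names:
            names.append(name)
    return names


def doveadm_acl_argv(owner, mailbox, ident, rights):
    """Build the argument vector for 'doveadm acl set' (not executed here)."""
    return ["doveadm", "acl", "set", "-u", owner, mailbox,
            check_identifier(ident), *rights_to_names(rights)]


def vfile_line(ident, rights):
    """Build the matching line for a per-mailbox dovecot-acl file."""
    letters = "".join(RIGHT_TO_LETTER[n] for n in rights_to_names(rights))
    return f"{check_identifier(ident)} {letters}"
```

Granting only the rights a sharing partner needs (for example lookup and read) keeps a shared archive folder read-only for the other account.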
