ACL with Public Namespace

Tue Sep 9 21:41:54 UTC 2014

I've configured a namespace like this:

namespace avisos {
  type = public
  list = yes
  location = maildir:/var/mail.avisos:INDEXPVT=~/Maildir/avisos
  subscriptions = yes
  prefix = "AVISOS."
  mailbox DIVULGA {
    auto = subscribe
  }
}

This is the namespace representation in filesystem:

root at imap:~# ls -lha /var/mail.avisos/
total 44K
drwxr-xr-x  7 vmail mail 4,0K Set  9 18:21 .
drwxr-xr-x 16 root  root 4,0K Set  9 17:08 ..
drwxr-xr-x  5 vmail mail 4,0K Set  9 16:49 .DIVULGA
-rw-r--r--  1 root  root   17 Set  9 18:21 dovecot-acl
-rw-r--r--  1 vmail mail    0 Set  9 18:11 dovecot-acl-list
-rw-r--r--  1 vmail mail  360 Set  9 18:11 dovecot.mailbox.log
-rw-r--r--  1 vmail mail    8 Set  9 18:02 dovecot-uidvalidity
-r--r--r--  1 vmail mail    0 Set  9 14:57 dovecot-uidvalidity.540f3f88
-rw-r--r--  1 vmail mail  249 Set  9 18:11 subscriptions

This is the content of dovecot-acl file located at namespace's root level:

root at imap:~# cat /var/mail.avisos/dovecot-acl
authenticated rs

After reload dovecot service, it trows this error message in log:

Sep  9 18:14:13 imap dovecot: imap(user at mydomain): Error: Failed to
autocreate mailbox AVISOS.DIVULGA: Permission denied

So, I've changed the dovecot-acl file to this one and the problem was
solved.

root at imap:~# cat /var/mail.avisos/dovecot-acl
authenticated rsk

But that change created another problem: dovecot-acl file is copied into
AVISOS.DIVULGA. So, the user can create a maildir inside it. This behaviour
is bad because "invalid" maildirs are created under the filesystem. My
intention is to don't permit the user to create any maildir inside any
location of that namespace. But, I want to make possible to the
administrator to edit the dovecot.conf, insert a new mailbox into namespace
avisos and reload dovecot service to create new maildirs automatically.

How can I solve this problem?

-- 
Att.
Bruno Galindro da Costa