On 06/02/2025 13:16 EET dovecot--- via dovecot <dovecot@dovecot.org> wrote:
Da: Aki Tuomi <aki.tuomi@open-xchange.com> Inviato: giovedì 6 febbraio 2025 11:49 A: dovecot@iotti.biz; dovecot--- via dovecot <dovecot@dovecot.org> Oggetto: Re: Preventing message deletion
On 06/02/2025 12:39 EET dovecot--- via dovecot <dovecot@dovecot.org> wrote:
Hi all
How may I disable message deletions via IMAP for some or all of my users? I read on the net that a possible solution would be to use the ACL IMAP plugin. But the examples I found were not so clear to me. We do not use shared mailboxes or namespaces. Only simple virtual users, each with it's own private mailbox. I would like to use the global acl file both for administration simplicity and because as I understood, global acl enrties take preference over any user setting.
In the ACL page example there is a line:
- user=foo lrw
But in the comment it tells that doing so, every user' mailbox would be shared with the foo user, with the lrw permissions. Which is not what I would want. I don't need to share anything, just to restrict what the user, foo here, can do on his mailbox.
Thank you, Luigi
Hi!
Folder sharing won't actually happen unless you have a shared namespace.
And you can also use
ownerwhich refers to the mailbox owner, so
- owner -te
which will mean that the owner is not allowed to expunge or write \deleted flag.
Thank you AKi for the clarification.
At least in this rather old dovecot-2.2.36 from CentOS 7 (I know, it needs updating but I have to do what says the one who pays:) using the negative "-te" form did not work. I found in my logs: dovecot: imap(test@domain.com): Error: Global ACL file /etc/dovecot/global-acls line 1: Unknown ACL '-' and mailbox access was prevented for all users.
I used the form
- user=test@domain.com lrwsipk
And it seem to work now.
Thank you again.
I would use
- owner lrwsipk
unless it's exactly that one use you want to affect?
Aki