I'm also having beginner's troubles with shared mailboxes with dovecot 1.2.11.
I've used the TestInstallation instructions for connecting to the imap port via openssl and issuing the setacl/getacl commands. Those appear to be fine.
I'm having real difficulty with the acl_shared_dict configuration. I'd prefer to just use a flat file, as I don't anticipate using shared folders very frequently. I don't need a database and would greatly prefer not to have a dependency on our database service. So, with this setting:
acl_shared_dict = file:/private/dovecot/var/etc/shared-mailboxes
The '../var/etc' directory is something like 755. I have to create the file first and make it 666. When it is updated, ownership & permissions are changed such that the user giving acl permissions then owns the file and it's 600. I tried setting it back to 644 afterward, so other users could read it, but they tried setting a lock in that dir as well.
I tried this:
acl_shared_dict = file:/private/dovecot/var/etc/shared-list/shared-mailboxes-%u
Then I made shared-list have '1777' permissions. Permissions-wise, this will now work, including locks, but I'm guessing this is just plain wrong and I still can't verify access.
My second choice was to use sqlite for this acl_shared_dict, but, even though I compiled dovecot with sqlite support and 'ldd' shows that '../libexec/dict' is linked against sqlite libraries, when I tried this config:
acl_shared_dict = sqlite:/private/dovecot/etc/acl-shared-dict.conf
I get this, and dovecot fails to start up.
EUnknown dict module: sqlite
I question whether I can use sqlite for acl_shared_dict.
Furthermore, in this vein, I don't really know what the shared namespace should even look like. I've been trying the imap commands LIST and MYRIGHTS to verify access, but there are simply no examples. I'd rather expect this to work:
x myrights shared/fromuser/folder
but all I get is mailbox doesn't exist. I know 'shared' is the namespace, but I just don't know how it should really be referred to.
Personally, I can live without the acl_shared_dict (from what I understand). I don't need to see the shared path for subscription, I'd just manually add the folder path to the .subscriptions file for the handful of users that need it. I just don't think it's working, though.
On a related note, I thought I'd increase debugging to see if that helped out any. When I change 'mail_debug' to 'yes', as soon as I issue the imap login command, it logs some stuff, then kicks me out.
Jun 09 15:57:53 IMAP(tom2): Info: acl: initializing backend with data: vfile
Jun 09 15:57:53 IMAP(tom2): Info: acl: acl username = tom2
Jun 09 15:57:53 IMAP(tom2): Info: acl: owner = 1
Jun 09 15:57:53 dovecot: Error: child 6000 (imap) killed with signal 11 (core dumps disabled)
I would assume this error is causing my problems, but for all I know, it could be a side-effect of verbose debugging -- to just terminate. I see nothing about that in the docs, though. imap works fine without verbose logging, so I'm baffled.
I have been frustrated by the shared namespace documentation. I've been through it again and again, but haven't found the answers I've been looking for.
Here is the relevant configuration:
namespace shared {
  location = mbox:%%h/mail/shared:INDEX=%%h/mail/shared/.imap
  # everything else defaults
}
protocol imap {
  mail_plugins = quota imap_quota acl imap_acl
}
protocol lda {
  mail_plugins = acl
}
plugin {
  acl = vfile
  acl_shared_dict = file:/private/dovecot/var/etc/shared-list/shared-mailboxes-%u
}