Chris,
I do indeed have an acl_shared_dict set up. That may be the ticket. That makes it so that the IMAP server knows that you have acls on the other mailbox, so it can know to then look in that mailbox to find out precisely what the ACLs are.
Cheers, Andy
May 28 2015 12:49 AM, "Chris Ross" <cross+dovecot@distal.com> wrote:
On May 27, 2015, at 22:57 , Chris Ross <cross+dovecot@distal.com> wrote:
On May 25, 2015, at 15:55 , andy@thecsillags.com wrote:
When I set them up that way, I shared the target inbox (we'll call it foo@example.com) to be accessible by user bar@example.com. When I go into my email client, I'll see something like: shared/foo@example.com/INBOX as a folder.
When you say "set them up that way", do you mean following the example config at SharedMailboxes/Shared ? In that example, a mail_location is set at the outer level, which I think I don't want to do, and overridden in the shared namespace. I'm assuming I don't want either of those, or at least that's what I'm going to try first.
A question I have, given your example above, is: did you set mail_shared_explicit_inbox? It's only briefly described what that affects, so I'm not sure which setting (on or off) will cause the shared/foo@example.com/INBOX you describe seeing. I assume on, so I've turned it on.
The boxes don't have to be shared publicly if you use the "private" namespace.
By "use the "private" namespace", do you mean specifying a separate namespace block in the config, like the one declared in the example at http://wiki2.dovecot.org/SharedMailboxes/Shared ? If so, that's what I've done. If there is a way to have a single namespace declared that's both private and shared, I don't see that, so I have two as presented on that wiki page.
Okay. Lots of trial and error and error, and I at least have some configuration that I think includes pieces about shared mailboxes and ACLs, and it's actually up and running. But, I'm not seeing the shared folder.
I was getting a lot of errors about separators (namespace configuration error: All list=yes namespaces must use the same separator) and prefixes (namespace configuration error: list=yes requires prefix=/ not to start with separator), but have it working now. The namespace private block from the example at http://wiki2.dovecot.org/SharedMailboxes/Public caused many of those problems, and I didn't have a separator configured at all (i.e., was still commented out) in my main namespace, so that apparently conflicted with the "separator = /" in the shared namespace. But, all that resolved.
The config file I've added into conf.d/15-shared.conf is:
namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  location = maildir:/home/%%n/Maildir:INDEX=~/Maildir/shared/%%u:INDEXPVT=~/Maildir/shared/%%u
  subscriptions = no
  list = children
}
mail_shared_explicit_inbox = yes
protocol imap {
  mail_plugins = $mail_plugins acl imap_acl
}
plugin {
  acl = vfile
}
This comes from the aforementioned wiki page. I ran the doveadm acl command you suggested (though my usernames have no domain part, like your example did have domain parts).
Now, while dovecot is back to working, I don't see a shared folder anywhere. "doveadm mailbox list" lists the mailboxes for users, including the INBOX I've tried to configure an ACL to let me share.
Clearly I'm missing a piece. Andy, or anyone else, if you see what I've missed, please let me know. I'm not seeing anything back from the server with my mail client under "Subscription List", so I can't choose to subscribe. Maybe I've turned off subscriptions somehow, and it's not auto-subscribing me? Or, maybe having "list=children", and I haven't set up the ACL correctly?
I ran:
sudo doveadm acl add -u childuser INBOX user=cross lookup read write write-seen write-deleted insert post expunge create delete admin
After removing the domains from your example, that's about what you had. I can see the INBOX for childuser with "doveadm mailbox list -u childuser".
Ahh. I think I may be on to something. I tried the "doveadm acl add" again, which seems to succeed, but "doveadm acl debug" then doesn't mention anything about me, or my access to childuser's INBOX. Running the "acl add" with "doveadm -D" shows:
doveadm(childuser): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled
and later:
doveadm(childuser): Debug: acl vfile: Global ACLs disabled
The first of those looks like it might be a problem. Do you have an "acl_shared_dict" set up in your config anywhere, Andy?
Thanks. Any help appreciated.
- Chris
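An added example, not part of the original thread or of either poster's actual configuration: the 15-shared.conf quoted above with the acl_shared_dict setting that the debug output reports as missing. The dictionary path is an assumed placeholder; use any location the mail processes can write to.

```conf
# conf.d/15-shared.conf: the file from the message above, plus acl_shared_dict.
namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  location = maildir:/home/%%n/Maildir:INDEX=~/Maildir/shared/%%u:INDEXPVT=~/Maildir/shared/%%u
  subscriptions = no
  list = children
}
mail_shared_explicit_inbox = yes

protocol imap {
  mail_plugins = $mail_plugins acl imap_acl
}

plugin {
  acl = vfile

  # Added line. This dictionary records which users have shared mailboxes
  # to whom, so the server knows whose mailboxes to check for ACLs when it
  # lists the shared/ namespace. Without it doveadm -D prints
  # "No acl_shared_dict setting - shared mailbox listing is disabled".
  #
  # Assumed path (placeholder). The file's directory must be writable by
  # the processes that change ACLs; restrict it to a dedicated mail group
  # rather than making it world-writable, since it reveals who shares
  # mailboxes with whom.
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
}
```

After reloading Dovecot, re-run the `doveadm acl add` command from the message so the share is recorded in the dictionary, then check that `doveadm -D` no longer prints the "No acl_shared_dict setting" line.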