How to share ONE mailbox with a single user in, and configure auto ACL inheritance and Thunderbird SETACL support, in Dovecot 2.4.1?

2 Oct 2025


      Hi,
I’m working with Dovecot 2.4.1 and the acl plugin.
I'm trying to get per-mailbox shared namespace+acl configured and working dynamically.
One owner (owner@example.com) has a real Maildir folder "TEST_SHARE" at the top level
cd /mail/path/example.com/owner/Maildir
ls -1
	cur/
	dovecot-acl-list
	Drafts/
	Junk/
	new/
	Queue/
	Sent/
	shared/
	TEST_SHARE/   &lt;------------------------
	tmp/
	Trash/
The goal is to share that TEST_SHARE/ folder with exactly one other user (user@example.com), not globally or using the global shared/ namespace.
My current config includes
It looks like in acl config you can hardwire access for a specific mailbox.
Reading the 2.4 docs, using acl global file is deprecated and we're supposed to use acl config.
namespace inbox {
inbox = yes
type = private
prefix =
separator = /
hidden = no
list = yes
subscriptions = yes
mailbox TEST_SHARE {
acl owner {
rights = lrwstipekxa
}
acl user=user@example.com {
rights = lrwstipekx
}
}
}
namespace shared {
type=shared;
prefix=shared/$domain/$username/
}
mail_plugin {
acl = yes
}
acl_driver = vfile
acl_sharing_map {
dict file {
path = /etc/dovecot/shared.db
}
}
With that config "user" can see and use "owner’s" TEST_SHARE folder in Thunderbird client.
But if "owner" changes the tree in their view, like creates a subfolder under TEST_SHARE in TBird, it does not appear for "user".
No dovecot-acl file or acl_sharing_map entry is auto-created for the new subfolder.
Reading the acl docs, I think that's because these ACLs are only STATIC configs that are merged with vfile ACLs at runtime?
It looks to me like there's no automatic ACL inheritance from the parent to child mailboxes.
And the acl.conf ACLs don't seem to cause dovecot-acl files or the acl_sharing_map db to be created or updated.
I think "IMAP SETACL" would be needed on the client side.  Reading https://support.mozilla.org/en-US/kb/imap-synchronization I can't figure out if Thunderbird does that or not.
Can Dovecot server-side be configured to automatically create or update those shared acls/maps?
I'm looking for any guidance how to do this, either in Thunderbird or Dovecot 2.4.
So that any change to TEST_SHARE by either the owner or the authorized user is immediately pushed and sync'd between both owner and user.
Dave

How to share ONE mailbox with a single user in, and configure auto ACL inheritance and Thunderbird SETACL support, in Dovecot 2.4.1?

publists＠emailgroups.net