In courier-imap, we were able to take advantage of the maildir structure and standard unix users/groups to allow 'decsstaff' members to have full write access while 'decsall' members only have r/o unless also a member of 'decsstaff':
-rw-rw-r-- 1 postlocal decsstaff 37597 May 5 23:37 /egr/mail/shared/decs/.support.In/cur/1178422658.M533373P54269.ice drwxrwxr-x 2 postlocal decsstaff 24576 May 5 23:37 /egr/mail/shared/decs/.support.In/cur drwxrws--- 6 postlocal decsall 4096 Apr 22 18:08 /egr/mail/shared/decs/.support.In drwxrwsr-x 34 postlocal wheel 4096 May 1 07:23 /egr/mail/shared/decs location: maildir:/egr/mail/shared-dovecot2/vprgs:CONTROL=%h/Maildir/dovecot/public/c ontrol/vprgs:INDEX=%h/Maildir/dovecot/public/indexes/vprgs namespace: type: private separator: / prefix: mail/ hidden: yes
plugin: acl: vfile:/usr/local/etc/dovecot-acls
I use shared folders. I posted a while back about my setup. There have been a few changelogs since then concerning ACLs. My setup might be whacked but it still continues to work. The simplest example I have is root mail.
I have mail folders
drwxrwx--- 4 rootmail users /home/services/mail/rootmail/Maildir drwxrwx--- 4 rootmail users ../.RootmailFolder drwxrwx--- 4 rootmail users ../.RootmailFolder.general
To get around ACL plugins downside of being unaware of namespaces I create
a "RootmailFolder" underneath Maildir. No one else probably (hopefully) will
have a folder named that. If they did then the permissions in the ACL
plug-in directory would override "owner permissions". Were that to happen
then you could just put a dovecot-acl file in the user's directory to
compensate though this is a fuzzy part... this used to work but I haven't
needed to test it so I don't know if it does still.
I then created a general folder under that. I have a sieve script which pumps all mail into the general folder. So this is rootmail's "inbox". I did this as a workaround.
<might not be needed nor work anymore>
If you actually want a user 'rootmail' to use an imap client and log into their mailbox then you would create a file
/home/services/mail/rootmail/Maildir/dovecot-acl /home/services/mail/rootmail/Maildir/.RootmailFolder/dovecot-acl /home/services/mail/rootmail/Maildir/.RootmailFolder.general/dovecot-acl
all the files contain:
user=rootmail lrwstie
To use the ACL plug-in files must be create in this directory:
plugin: acl: vfile:/usr/local/etc/dovecot-acls
so I have (using your path) files:
/usr/local/etc/dovecot-acls/RootmailFolder /usr/local/etc/dovecot-acls/RootmailFolder.general
These files contain
user=jhorner lrwstie
My namespace is setup as:
namespace public { separator = . prefix = ROOTMAIL. location = maildir:/home/services/mail/rootmail/Maildir:CONTROL=%h/shared-settings/rootmail/control:INDEX=%h/shared-settings/rootmail/index hidden = no inbox = no }
Everyone can see the namespace but no one but me can access the namespace because RootmailFolder is only accessible by me. Those who do try to access a forbidden folder get a curt techie error. However, most clients do not show the namespace because there aren't any folders underneath the namespace that are accessible so this is not a problem for me.
I also have a COMPANY share setup similarly. However there are many many folders underneath this share and different people can access different folders and I accomplish that using the ACL plug-in similar to above.
I used to use Courier and I was able to duplicate shared folders via the ACL plug-in though the folders are now one level deeper, i.e. ROOTMAIL/RootmailFolders/general as opposed to ROOTMAIL/general (namespace/foldername). Some users did complain. Oh well... most are still breathing.
Jim