[Dovecot] sharing of non-INBOX namespaces? Re: imapc and imap_acl
Hi,
On Tue, 13 Sep 2011, Lutz Preßler wrote:
On Di, 13 Sep 2011, Timo Sirainen wrote:
You mean you'd want local ACLs that apply to imapc mailboxes? Yes, exactly. Great for "integrating" legacy IMAP servers without e.g. ACL support. I think that should work. For example if you set:
mail_location = imapc:~/imapc Oh, had not realized that a path argument is possible for imapc:. There are even index file then...
Then for mailbox foo/bar the ACL file should be in ~/imapc/.foo.bar/dovecot-acl It almost works: Sep 13 18:37:58 hhh dovecot: imap(4482, uuu): Error: file_dotlock_open(/home/uuu/Maildir/gmail/.[Gmail].Alle Nachrichten /dovecot-acl) failed: No such file or directory After manually creating the ".[Gmail].Alle Nachrichten" directory, SETACL succeeds. Ok, I thought I tested accessing the mailbox afterwards, too - but I probably had not. I have a more general problem now: shared mailboxes from any "non-INBOX" namespace are not available to other users. That's not only with virtual or imapc namespaces, but also tested with two Maildir ones:
namespace personal { inbox = yes location = maildir:~/Maildir prefix = INBOX. type = private }
namespace second { inbox = no location = maildir:~/Maildir2 prefix = INBOX.second. type = private }
namespace others { type = shared separator = . prefix = INBOX.shared.%%u. location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u #location = maildir:/home/%%n/Maildir:INDEX=~/Maildir/shared/%%u subscriptions = no list = children }
[...]
I can as user1 SETACL INBOX.second.box
~user1/Maildir2/dovecot-acl-list contains "1316082286 box" ~user1/Maildir2/.box/dovecot-acl contains "user=testuser lrs" (as does ~user1/Maildir/.in2007/dovecot-acl) The shared mailboxes dict contains shared/shared-boxes/user/testuser/user1 1
But - as testuser - 0 list "" "*"
- LIST (\HasChildren) "." "INBOX"
- LIST (\HasNoChildren) "." "INBOX.test"
- LIST (\HasNoChildren) "." "INBOX.second"
- LIST (\Noselect \HasChildren) "." "INBOX.shared.user1"
- LIST (\HasNoChildren) "." "INBOX.virtual"
- LIST (\HasNoChildren) "." "INBOX.shared.user1.in2007" 0 OK List completed.
INBOX.shared.user1.second.box is missing. Also
0 select INBOX.shared.user1.second.box
- OK [CLOSED] Previous mailbox closed. 0 NO Mailbox doesn't exist: second.box
Log shows then: Sep 15 12:39:48 host dovecot: imap(8796, testuser): Debug: acl vfile: file /etc/dovecot/global-acls/INBOX.shared.user1.second.box not found Sep 15 12:39:48 host dovecot: imap(8796, testuser): Debug: acl vfile: file /home/user1/Maildir/.second.box/dovecot-acl not found
... not searching for the acl file correctly.
Thought I tested this with earlier (2.0) versions. Changed group set up inbetween, but this does not seem relevant.
Regards, Lutz
On Thu, 2011-09-15 at 12:46 +0200, Lutz Preßler wrote:
I have a more general problem now: shared mailboxes from any "non-INBOX" namespace are not available to other users. That's not only with virtual or imapc namespaces, but also tested with two Maildir ones:
namespace others { type = shared separator = . prefix = INBOX.shared.%%u. location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
Right, because here you have configured a shared namespace for ~/Maildir. If you want to access also ~/Maildir2, you'd need to create a second shared namespace for it. Perhaps in future there could be some kind of automated detection of namespaces and putting them all under a single shared namespace. Configuration could probably be something like:
namespace others { type = shared separator = . prefix = INBOX.shared.%%u. location = shared:INBOX.:INDEX=~/Maildir/shared/%%u }
The above would then map "INBOX.shared.%%u." namespace to other user's "INBOX." namespace and also export any other private namespaces under it.
On Do, 15 Sep 2011, Timo Sirainen wrote:
On Thu, 2011-09-15 at 12:46 +0200, Lutz Preßler wrote:
I have a more general problem now: shared mailboxes from any "non-INBOX" namespace are not available to other users. That's not only with virtual or imapc namespaces, but also tested with two Maildir ones:
namespace others { type = shared separator = . prefix = INBOX.shared.%%u. location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
Right, because here you have configured a shared namespace for ~/Maildir. Uh, oh... of course. Stupid to expect it to work as your proposal for future extension already... but that would be the most flexible way, please implement :-).
If you want to access also ~/Maildir2, you'd need to create a second shared namespace for it. Maybe I mess something up the second time today - but I cannot get it to work:
namespace others { type = shared separator = . prefix = INBOX.shared.%%u. location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u subscriptions = no list = children }
namespace otherssecond { type = shared separator = . prefix = INBOX.shared2.%%u. location = maildir:%%h/Maildir2:INDEX=~/Maildir/shared2/%%u subscriptions = no list = children }
As testuser: 0 select INBOX.shared2.user1.box 0 NO Mailbox doesn't exist: shared2.user1.box
with log: Sep 15 13:28:51 host dovecot: imap(17320, testuser): Debug: acl vfile: file /etc/dovecot/global-acls/INBOX.shared2.user1.box not found Sep 15 13:28:51 host dovecot: imap(17320, testuser): Debug: acl vfile: file /home/testuser/Maildir/.shared2.user1.box/dovecot-acl not found
like the otherssecond namespace beeing ignored (yes, I've restarted dovecot).
First I tried in otherssecond prefix = INBOX.shared.%%u.second. location = maildir:%%h/Maildir2:INDEX=~/Maildir/shared/%%u/second
- don't know if this is even supposed to work, but both variants do not.
Lutz
On Thu, 2011-09-15 at 13:41 +0200, Lutz Preßler wrote:
If you want to access also ~/Maildir2, you'd need to create a second shared namespace for it. Maybe I mess something up the second time today - but I cannot get it to work:
Yeah, it didn't work. Fixed now in hg.
Timo,
On Fri, 16 Sep 2011, Timo Sirainen wrote:
On Thu, 2011-09-15 at 13:41 +0200, Lutz Preßler wrote:
If you want to access also ~/Maildir2, you'd need to create a second shared namespace for it. Maybe I mess something up the second time today - but I cannot get it to work:
Yeah, it didn't work. Fixed now in hg. multiple shared namespaces do work now, but: I retried to have in otherssecond prefix = INBOX.shared.%%u.second. location = maildir:%%h/Maildir2:INDEX=~/Maildir/shared/%%u/second This is found to be a configuration error: Sep 16 20:49:32 host dovecot: imap(5025, testuser): Error: user lpmail: Initialization failed: namespace configuration error: Dupl icate namespace prefix: "INBOX.shared." Sep 16 20:49:32 host dovecot: imap(5025, testuser): Error: Invalid user settings. Refer to server log for more information.
I think the test is too strict, as in general "prefix = bla.%%u.blubb." does work for a shared namespace. Or is there some other problem with this attempt to manually map source to destination structure?
Btw, I found a SIGSEGV when SELECTing INBOX.shared. I'll send it seperately.
Have a nice weekend, Lutz
participants (2)
-
Lutz Preßler
-
Timo Sirainen