[Dovecot] Dovecot public folders ACL
Hi, all!
I'm new to Dovecot but am trying to set up read-only public folders for different user groups.
My goal is to create several public folders such as sales, operations etc. with per-user indexes.
But I have a problem which I can't resolve with Google and Dovecot.org.
Now users can see and subscribe to the test folder "share", but I can't block the ability to delete messages via ACL.
Here are the file system permissions:
public/.share ]> ls -la
total 12
drwxrwx---  5 share  mail  512 17 авг 12:17 .
drwxrwx---  6 root   mail  512 17 авг 11:04 ..
drwxrwx---  2 share  mail  512 17 авг 11:18 cur
-rwxrwx---  1 root   mail   21 17 авг 10:36 dovecot-acl
-rwxrwx---  1 root   mail    0 16 авг 17:56 dovecot-shared
drwxrwx---  2 share  mail  512 17 авг 11:17 new
drwxrwx---  2 share  mail  512 17 авг 11:17 tmp
My dovecot-acl file:
public/.share ]> cat dovecot-acl
owner lr
user=typ lr
But user typ can still delete messages. The ACL does seem to be working, though, because if I remove the letter 'l' from typ's setting he cannot see the folder.
Here is my config:
----------8<------------
protocols = imap
ssl_disable = yes
disable_plaintext_auth = no
shutdown_clients = yes
log_path = /var/log/dovecot/sys.log
info_log_path = /var/log/dovecot/info.log
login_process_size = 64
verbose_proctitle = yes
first_valid_gid = 0
mail_extra_groups = mail
default_mail_env = mbox:/var/mail/%u:INDEX=/home/user/%u:INBOX=/var/mail/%u
namespace private {
  separator = /
  prefix =
  location = maildir:/home/user/%u/.maildir
  inbox = yes
}
namespace public {
  separator = /
  prefix = Public/
  location = maildir:/home/user/public:CONTROL=/home/user/%u/public/control:INDEX=/home/user/%u/public/index
  hidden = no
  inbox = no
}
mbox_read_locks = fcntl
mbox_write_locks = dotlock fcntl
mbox_lock_timeout = 300
mbox_very_dirty_syncs = yes
umask = 0007
protocol imap {
  listen = 192.168.101.1:143
  mail_plugins = acl
  imap_client_workarounds = delay-newmail outlook-idle
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
auth default {
  mechanisms = plain
  passdb pam {
  }
  userdb passwd {
  }
  user = root
}
plugin {
}
-----------------8<--------------
-- typus vulgaris
After trying and failing to do the same thing, I'm also curious about this. Do ACLs simply not work with shared folders? If so, what's the point of ACLs? Only shared resources need access control in the first place.
--Jeff
On Thu, Aug 17, 2006 at 12:24:35PM +0300, typus vulgaris wrote:
Hi Jeff,
After I read this post from your namesake, I have made it work! http://dovecot.org/pipermail/dovecot/2006-August/015634.html
The main idea is that the dovecot-acl file in a public/shared folder is read only by its owner!
To make it readable by other users you have to define a global vfile folder in the ACL plugin.
I have defined it in dovecot.conf like this:
plugin {
  acl = vfile:/usr/local/etc/dovecot-acls
}
As I have the folder separator /, I have to create in /usr/local/etc/dovecot-acls folders named after my public folders in the public folders' location, like this: /usr/local/etc/dovecot-acls/share/, as I have the public folder in /home/user/public/.share/
In /home/user/public/.share/ I have created a dovecot-share file, and in /usr/local/etc/dovecot-acls/share/ I have created a .DEFAUL file which contains the real ACL: user=someuser lr
And it did the trick!
So I want to say that http://wiki.dovecot.org/ACL does not clearly explain the process :(
Hope my post will help someone...
PS. Thanks to Jeff Horner for making it clear for me...
2006/8/28, Jeff Turner jeff@atlassian.com:
-- typus vulgaris
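The thread's ACL is "owner lr / user=typ lr", which should never permit deletion; the fix above was about the file not being read at all, not about its contents. As an added example (my own code, not Dovecot's and not from the thread; the function names are assumed), this small evaluator parses a dovecot-acl file and reports what a given user actually gets, so the rule can be checked before testing it on a live server:

```python
# Added example, not Dovecot's own code: evaluates the 'identifier rights'
# lines of a dovecot-acl file so a defender can check what a rule such as
# 'user=typ lr' should grant. Names are my own; right letters follow the
# Dovecot ACL plugin docs. group-override is treated like a plain group.

RIGHTS = set("lrwstipekxa")  # lookup, read, write-flags, seen, deleted-flag,
                             # insert, post, expunge, create, delete-mbox, admin

# Constructed sample mirroring the thread's file: owner lr / user=typ lr
SAMPLE_ACL = "owner lr\nuser=typ lr\n"


def parse_acl(text):
    """Return [(negative, identifier, set_of_right_letters)], one per rule."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        ident = parts[0]
        rights = parts[1].replace(" ", "") if len(parts) > 1 else ""
        negative = ident.startswith("-")         # '-user=foo e' revokes rights
        ident = ident[1:] if negative else ident
        unknown = set(rights) - RIGHTS
        if unknown:                              # a typo here silently changes access
            raise ValueError(f"line {lineno}: unknown right(s) {sorted(unknown)}")
        entries.append((negative, ident, set(rights)))
    return entries


def effective_rights(text, user, groups=(), is_owner=False):
    """Union of rights from matching positive rules minus matching negative ones."""
    granted, denied = set(), set()
    for negative, ident, rights in parse_acl(text):
        kind, _, name = ident.partition("=")     # e.g. ('user', '=', 'typ')
        matches = (
            ident in ("anyone", "authenticated")  # every logged-in user
            or (ident == "owner" and is_owner)
            or (kind == "user" and name == user)
            or (kind in ("group", "group-override") and name in groups)
        )
        if matches:
            (denied if negative else granted).update(rights)
    return granted - denied


def can_delete_messages(text, user, **kw):
    """Deleting mail needs 't' (set \\Deleted) and 'e' (expunge)."""
    return {"t", "e"} <= effective_rights(text, user, **kw)
```

With the thread's file, `can_delete_messages(SAMPLE_ACL, "typ")` is False, so if typ can still expunge, the server is not reading that ACL file, which is exactly what the global vfile directory fixed.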
This is helpful, thanks!
Could you post your result/info as comments on the wiki?
richard
Are you using "real" users as opposed to "virtual" ones? I've been trying to implement ACL-controlled shared folders but couldn't, as our set-up requires the use of virtual users.
Specifically, our problems are:
- the dovecot-acl file within the public namespace directory isn't found
- global ACLs (vfile) partially work with virtual users, but when used:
  a) non-ACL-restricted public namespace directories stop working
  b) permitted users are unable to view or create sub-folders
See http://dovecot.org/pipermail/dovecot/2006-August/015058.html and the rest of that thread for more details.
If anyone has been successful with virtual users I'd love to hear about it! If/when I can get ACLs working with virtual users we'll have a full Dovecot (IMAP) replacement for Exchange server!
Gavin
On Mon, 2006-08-28 at 10:54 +0300, typus vulgaris wrote: