[Dovecot] ACLs - what's the state of play?
Greetings -
Could someone help me understand what the latest situation id with
regard to ACLs and sharing mailboxes, please?
Currently we are using Dovecot 1.0.x but will be moving to 1.1 when it
comes out of Beta (and hopefully I'll get some time before too long to
try building a test setup to play with). So I'm happy to talk only
about ACLs and sharing mailboxes in 1.1...
We are using Maildir storage format, and separate areas for each of
the Control and Index files. We are using real system users with
filestore quotas. Currently each user's files and directories are
owner by their own uid and gid (but we can change this if need be),
and are set to disallow filestore-level access to "group" or
"others" (but we can change this too if need be).
We need to know (quite urgently) if the following is/will be possible
with 1.1:
Can person A have some (a subset) of their folders accessible by
others? If so, can this be Read-Only? can it be Read-Write?Can person A have all of their currently existing folders
accessible by others, along with any folders they create in the future?Is there support for the IMAP ACL extension, enabling users to set and manage access rights themselves from their mail client?
If system username "abc1" has made their top-level folder
"Project" accessible by system username "def2", how does def2 actually
specify the folder in order to open it?
I have rummaged through the archives and Wiki but mostly these still
talk about the magical "dovecot-shared" and "dovecot-acl" files, and
how these need to be created/maintained by the system administrator.
What we're hoping for is the Holy Grail of:
* a Manager wanting to give their Secretary read-write (or in
some cases read-only) access to some or all of their folders;
* a Project Team wanting to access a common set of mail folders;
* etc
Under the old UW IMAP server you would authenticate as yourself, then
specify someone else's folder with something like (the memory is hazy
on this now):
~abc1/Project
In the Dovecot Wiki I read a lot about namespaces and so on, but can't
seem to piece together in my mind what these actually *look* like to
the end-user wanting to access someone else's shared mailbox. Nor
what can be done by the end-users, and what has to be done by the
system administrator.
Can anyone offer me advice, please?
With many thanks, Mike B-)
-- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740
- Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
participants (1)
-
Mike Brudenell