sharing INBOX with ACL -> share all folders
Hi all, I have a problem with ACL; I want to share the INBOX and Sent folders with another user, but when I configure ACL on INBOX, all folders are shared (Sent, Junk, Draft, Trash, etc).
# doveadm acl get -u janedoe INBOX
ID Global Rights
user=johndoe expunge insert lookup post read write write-deleted write-seen
# doveadm acl get -u janedoe Sent
ID Global Rights
user=johndoe expunge insert lookup post read write write-deleted write-seen
# doveadm acl get -u janedoe Trash
ID Global Rights
# doveadm acl get -u janedoe Drafts
ID Global Rights
# doveadm acl get -u janedoe Junk
ID Global Rights
# doveadm mailbox list -u johndoe
Trash
Junk
Drafts
Sent
Archives
Archives.2015
Other Users
Other Users.janedoe
Other Users.janedoe.Junk
Other Users.janedoe.Drafts
Other Users.janedoe.Sent
Other Users.janedoe.Trash
Other Users.janedoe.INBOX
INBOX
If I remove the INBOX ACL, only 'Sent' folder is shared, as expected:
# doveadm acl delete -u janedoe INBOX johndoe
# doveadm mailbox list -u provahe
Trash
Trash.saved-messages
Junk
Drafts
Sent
INBOX_spam
Archives
Archives.2015
Archives.2015.INBOX_spam
Other Users
Other Users.janedoe
Other Users.janedoe.Sent
INBOX
My Dovecot instance uses a single user, and all my mailboxes use standard maildir files:
drwx------  9 vmail mail    0 Jul 28 10:59 .
drwx------ 12 vmail mail 3864 Jul 28 09:39 ..
drwx------  2 vmail mail    0 Jul 28 09:51 cur
-rw-------  1 vmail mail    0 Jul 28 10:59 dovecot-acl
-rw-------  1 vmail mail   16 Jul 28 10:59 dovecot-acl-list
-rw-------  1 vmail mail 1448 Jul 28 09:51 dovecot.index.cache
-rw-------  1 vmail mail 1016 Jul 28 09:52 dovecot.index.log
-rw-------  1 vmail mail  113 Jul 28 09:51 dovecot-uidlist
-rw-------  1 vmail mail    8 Jul 28 09:39 dovecot-uidvalidity
-r--r--r--  1 vmail mail    0 Jul 28 09:39 dovecot-uidvalidity.55b731ac
drwx------  5 vmail mail    0 Jul 28 09:39 .Drafts
lrwxrwxrwx  1 vmail mail    5 Jul 28 09:39 .INBOX_spam -> .Junk
drwx------  5 vmail mail    0 Jul 28 09:39 .Junk
-rw-------  1 vmail mail   16 Jul 28 09:39 maildirsize
drwx------  2 vmail mail    0 Jul 28 09:51 new
drwx------  5 vmail mail    0 Jul 28 09:50 .Sent
-rw-------  1 vmail mail   37 Jul 28 09:39 subscriptions
drwx------  2 vmail mail    0 Jul 28 09:51 tmp
drwx------  5 vmail mail    0 Jul 28 09:39 .Trash
Any clue to solve my problem? I've already tried to play with the 'acl_defaults_from_inbox' setting, but no way.
Thank you, Marco
# 2.2.15: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: Linux 2.6.18-400.1.1.el5 x86_64 Red Hat Enterprise Linux Server
auth_master_user_separator = *
auth_mechanisms = plain login
disable_plaintext_auth = no
doveadm_password = XXXXXXXXXXXXXXXXXXXXXXXX
doveadm_port = 12345
first_valid_uid = 200
hostname = xxxxxxx.sissa.it
imap_client_workarounds = delay-newmail
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = X-Original-To
listen = *
login_log_format_elements = user=<%u> PID=%p method=%m rip=%r lip=%l %c
login_trusted_networks = XXX.XXX.1.172/30 XXX.XXX.24.0/23
mail_gid = mail
mail_home = /var/spool/mail/%1n/%n
mail_location = maildir:/var/spool/mail/%1n/%n:INDEX=/var/shared/indexes/%1n/%n
mail_plugins = acl fts fts_solr mailbox_alias quota
mail_shared_explicit_inbox = yes
mail_uid = vmail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate imapflags notify
mbox_write_locks = fcntl
mmap_disable = yes
namespace archives {
  hidden = no
  inbox = no
  list = children
  location = maildir:/var/spool/archives/%1n/%n:INDEX=/var/shared/indexes/%1n/%n/archives
  mailbox 2015 {
    auto = subscribe
    special_use = \Archive
  }
  prefix = Archives.
  separator = .
  subscriptions = no
  type = private
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox INBOX_spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = .
}
namespace others {
  list = children
  location = maildir:/var/spool/mail/%%1n/%%n:INDEXPVT=/var/shared/indexes/%1n/%n/shared/%%n
  prefix = Other Users.%%n.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  acl_defaults_from_inbox = no
  acl_shared_dict = file:/var/shared/dovecot/shared-mailboxes.dict
  fts = solr
  fts_autoindex = yes
  fts_autoindex_max_recent_msgs = 20
  fts_solr = url=http://solr.localdomain:8080/solr/
  mailbox_alias_new = INBOX_spam
  mailbox_alias_old = Junk
  quota = maildir:User quota:ns=
  quota2 = maildir:Archive quota:ns=Archives.
  quota2_rule = *:storage=20GB
  quota2_warning = storage=95%% quota2-warning 95 %u
  quota2_warning2 = storage=90%% quota2-warning 90 %u
  quota2_warning3 = storage=80%% quota2-warning 80 %u
  quota_rule = *:storage=5GB
  quota_rule2 = Trash:storage=+20%%
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Quota exceeded (mailbox for user is full)
  quota_status_success = DUNNO
  quota_warning = storage=100%% quota-warning 100 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=90%% quota-warning 90 %u
  quota_warning4 = storage=80%% quota-warning 80 %u
  sieve = file:~/sieve;active=~/sieve/.dovecot.sieve
  sieve_default = /etc/dovecot/sieve/dovecot.sieve
  sieve_extensions = +notify +imapflags
  sieve_max_redirects = 16
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = postmaster@sissa.it
protocols = imap pop3 lmtp sieve
rejection_reason = Your message to <%t> was automatically rejected for the following reason: %n%n%r
service auth {
  inet_listener {
    port = 49494
  }
  unix_listener auth-userdb {
    user = vmail
  }
}
service dict {
  unix_listener dict {
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 26001
  }
}
service imap-login {
  process_min_avail = 16
  service_count = 0
}
service imap {
  process_limit = 2048
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  process_min_avail = 5
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
  process_min_avail = 16
  service_count = 0
  vsz_limit = 256 M
}
service quota-status {
  client_limit = 1
  executable = /usr/libexec/dovecot/quota-status -p postfix
  inet_listener {
    port = 25001
  }
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = vmail
}
service quota2-warning {
  executable = script /usr/local/bin/dovecot-quota2-warning.sh
  unix_listener quota2-warning {
    user = vmail
  }
  user = vmail
}
ssl_cert =
--
|Marco Giunta - SISSA Computer Staff|
|Via Bonomea, 265                   |
|34136 - Trieste, Italy             |
|Tel: +39-40-3787-503               |
|Fax: +39-040-3787-244              |
|e-mail: giunta@sissa.it            |
On Jul 28, 2015, at 05:13, Marco Giunta giunta@sissa.it wrote:
> Hi at all, I have a problem with ACL; I want to share INBOX and Sent folder to an other user, but when I configure ACL on INBOX, all folders are shared (Sent, Junk, Draft, Trash, etc)
Hello, Marco. Unfortunately I don’t know why you are seeing the behavior you are, and hope that someone else will be able to help.
However, you seem to have accomplished something I’m wanting to do, and have as yet been unable to get working. I have a user's INBOX that I want to share to other users, but something is wrong with the way I’ve configured ACLs and sharing.
Perhaps we could discuss off-list more of what your configuration looks like, and how you got there? I’m running on FreeBSD with the ports system version of dovecot2 2.2.16, currently, although I think I’m due an upgrade.
You say you have "My Dovecot instance use a single user", and I think that’s different than I. My Maildir directories and files are all owned by the UNIX user that owns the file. Maybe this is causing me the permissions problems I’m seeing. Is having it all running as one [UNIX] user a typical configuration for dovecot2? Or just typical of installations using ACLs?
Thank you.
- Chris
Hi Chris, fortunately I've solved the problem with INBOX sharing: there is a bug with the option 'acl_defaults_from_inbox'. When you define it with ANY value ('yes', 'no', 'whatyouwant', 'xxx') it acts as if the value is ALWAYS 'yes'; the only way to disable it is to comment it out or delete it from the configuration file.
> My Maildir directories and files are all owned by the UNIX user that owns the file.
To avoid problems with ACLs, mailbox sharing and so on, I changed my configuration from different UNIX users to a single virtual user some years ago.
> Is having it all running as one [UNIX] user a typical configuration for dovecot2? Or just typical of installations using ACLs?
I don't know if it is typical or not, but it is very simple, and until now I haven't seen any particular problem.
My configuration is attached in the first email; if you need some explanation, let me know.
Marco
--
|Marco Giunta - SISSA Computer Staff|
|Via Bonomea, 265                   |
|34136 - Trieste, Italy             |
|Tel: +39-40-3787-503               |
|Fax: +39-040-3787-244              |
|e-mail: giunta@sissa.it            |
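
A check for the symptom in this thread, as an added example that is not part of the original messages: it flags any line that sets acl_defaults_from_inbox (whatever the value) and lists folders the grantee can see in the shared namespace without an explicit ACL row. The function names are made up for the example, the sample input is transcribed from the first message, and it assumes no group ACLs are in use.

```python
import re

SHARED_PREFIX = "Other Users."  # shared-namespace prefix from the posted config

def acl_defaults_lines(doveconf_text):
    """Lines that set acl_defaults_from_inbox at all; the reply above
    reports that any value behaves like 'yes'."""
    return [ln.strip() for ln in doveconf_text.splitlines()
            if re.match(r"\s*acl_defaults_from_inbox\s*=", ln)]

def explicit_grants(acl_outputs, grantee):
    """Folders whose `doveadm acl get` output has a row applying to grantee.
    Assumption: group= rows are not resolved (no group ACLs in use)."""
    idents = {"user=" + grantee, "anyone", "authenticated"}
    return {folder for folder, text in acl_outputs.items()
            if any(set(ln.split()[:1]) & idents for ln in text.splitlines())}

def visible_shared(mailbox_list_text, owner):
    """Owner's folders that appear in the grantee's `doveadm mailbox list`."""
    prefix = SHARED_PREFIX + owner + "."
    names = (ln.strip() for ln in mailbox_list_text.splitlines())
    return {n[len(prefix):] for n in names if n.startswith(prefix)}

def overshared(acl_outputs, mailbox_list_text, owner, grantee):
    """Folders visible to grantee that carry no explicit ACL row for them."""
    return sorted(visible_shared(mailbox_list_text, owner)
                  - explicit_grants(acl_outputs, grantee))

# Sample input transcribed from the first message in this thread.
HEADER = "ID Global Rights"
ROW = "user=johndoe expunge insert lookup post read write write-deleted write-seen"
SAMPLE_ACLS = {
    "INBOX": HEADER + "\n" + ROW,
    "Sent": HEADER + "\n" + ROW,
    "Trash": HEADER, "Drafts": HEADER, "Junk": HEADER,
}
SAMPLE_LIST = "\n".join([
    "Trash", "Junk", "Drafts", "Sent", "Archives", "Archives.2015",
    "Other Users", "Other Users.janedoe", "Other Users.janedoe.Junk",
    "Other Users.janedoe.Drafts", "Other Users.janedoe.Sent",
    "Other Users.janedoe.Trash", "Other Users.janedoe.INBOX", "INBOX",
])
SAMPLE_CONF = ("plugin {\n  acl = vfile:/etc/dovecot/global-acls:cache_secs=300\n"
               "  acl_defaults_from_inbox = no\n}\n")

if __name__ == "__main__":
    print("setting present:", acl_defaults_lines(SAMPLE_CONF))
    print("visible without explicit ACL:",
          overshared(SAMPLE_ACLS, SAMPLE_LIST, "janedoe", "johndoe"))
```
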