[Dovecot] Question about folder sharing
Hi,
I run Dovecot (2.1.7) on Debian wheezy in conjunction with Postfix, Samba4 (as LDAP backend) and SOGo. I configured folder sharing but have a few issues. With my current config users can share the inbox and other folders. If the ACL allows creating subfolders, this works for all folders besides the inbox.
What I want to achieve is the following:
If a user shares his inbox, others should be able to create subfolders and those should inherit the inbox's ACL. All subfolders of the inbox should appear as folders at root level and not as subfolders of the inbox.
I thought this could be done by setting the prefix of namespace inbox to INBOX/. I did this and changed the IMAP Server Folder setting in Thunderbird to INBOX (like it was earlier when I used Courier). Now subfolders created at root level or as subfolders of the inbox appear at root level in Thunderbird, but they do not inherit the ACLs from the inbox. Is there a way to achieve this?
doveconf -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2 ext4
auth_debug = yes
auth_gssapi_hostname = $ALL
auth_krb5_keytab = /etc/dovecot/dovecot.keytab
auth_master_user_separator = %
auth_mechanisms = plain login gssapi
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
auth_username_format = %n
auth_verbose = yes
debug_log_path = syslog
disable_plaintext_auth = no
first_valid_gid = 998
first_valid_uid = 998
info_log_path = syslog
mail_debug = yes
mail_gid = 998
mail_home = /home/vmail/%u
mail_location = maildir:/home/vmail/%u/mail
mail_plugins = acl
mail_shared_explicit_inbox = no
mail_uid = 998
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
  driver = ldap
}
passdb {
  args = /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_anyone = allow
  acl_shared_dict = file:/home/vmail/.shared-mailboxes
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = " imap lmtp sieve"
service auth-worker {
  user = $default_internal_user
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0777
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service imap-postlogin {
  executable = script-login /etc/dovecot/acl-groups.sh
  user = $default_internal_user
}
service imap {
  executable = imap imap-postlogin
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = </etc/easy-rsa/keys/dovecot.crt
ssl_key = </etc/easy-rsa/keys/dovecot.key
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb-groups.conf.ext
  driver = ldap
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_plugins = acl imap_acl
}
protocol lmtp {
  mail_plugins = acl sieve
}
Hmm, inheritance for inbox subfolders is working now that I changed namespace inbox into namespace.
However, the prefix INDEX thing does not look nice for shared folders; they appear as shared/username/INBOX/[foldername]
The docs mention:
ACL Inheritance
Every time you create a new mailbox, it gets its ACLs from the parent mailbox. If you're creating a root-level mailbox, it uses the namespace's default ACLs. There is no actual inheritance, however: If you modify parent's ACLs, the child's ACLs stay the same. There is currently no support for ACL inheritance.
Namespace's default ACLs are read from "dovecot-acl" file in the namespace's mail root directory (e.g. /var/public/Maildir). Note that currently these default ACLs are used only when creating new mailboxes, they aren't used for mailboxes without ACLs.
What I do not understand: where would I have to put a dovecot-acl for the user default? My mail_home is /home/vmail/%u and the mail root is a subfolder mail inside it. The dovecot-acl residing here is the one with the ACLs for the inbox and is therefore only used for the inbox's subfolders.
On 08.11.2013 01:25, Achim Gottinger wrote:
On 08.11.2013 02:50, Achim Gottinger wrote:
Besides that, I guess it would still not allow users to create folders via Thunderbird by right-clicking on shared/[username] and selecting new folder. It seems the only workaround is to create a separate folder, share it, and set ACLs on that folder, so the hierarchy would end up like this:

Inbox
Trash
...
shared/[username] (user's inbox)
shared/[username]/folder (the helper folder with proper ACLs)
shared/[username]/folder/[subfolders]

and if there are subfolders in the inbox
shared/[username]/INBOX/[subfolder]
On 08.11.2013 01:25, Achim Gottinger wrote:

mail_location = maildir:/home/vmail/%u/mail
namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail
  prefix =
  separator = /
  type = private
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb-groups.conf.ext
  driver = ldap
}

I changed the location of the inbox like this:

mail_location = maildir:/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox
namespace {
  list = children
  location = maildir:/home/vmail/%%u/mail:INDEX=/home/vmail/%u/mail/shared/%%u:INBOX=/home/vmail/%%u/mail/.Inbox
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = maildir:/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox
  prefix =
  separator = /
  type = private
}

Also extended my LDAP queries to return the correct mail variable (=mail=/home/vmail/%u/mail:INBOX=/home/vmail/%u/mail/.Inbox).
Now a dovecot-acl inside /home/vmail/%u/mail gets used for newly created subfolders, which is very helpful. However, if I share a user's inbox now, the hierarchy looks like this for a user with access:

shared/user
shared/user/Inbox
shared/user/INBOX

All three folders point to the user's inbox. If I set mail_shared_explicit_inbox=yes, "shared/user" is greyed out but the other two folders remain. Can someone here tell me what I did wrong to have three versions of the inbox now?
Thanks in advance
achim~
On 09.11.2013 11:48, Achim Gottinger wrote:
Changed .Inbox to .INBOX; now there is only one folder named INBOX visible. The ACLs from /home/vmail/%u/mail are used for all subfolders under ../mail, no matter if they have a dovecot-acl file inside or not. I cannot find this documented; it's useful in my case, but is it supposed to work like that? The nice thing is I can create root-level folders for users with a mail_location configured like that in the shared subsections.
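
An added example, not part of the original thread and not Dovecot code: since the documentation quoted above says ACLs are copied from the parent at creation time and not updated afterwards, this audit walks one user's mail root and reports folders without a dovecot-acl file, folders whose ACL has drifted from the parent's, and entries for `anyone` or `authenticated` (relevant with `acl_anyone = allow`). It assumes Maildir++ on-disk names (`.Parent.Child`) and vfile lines of the form `<identifier> <rights>`; the sample tree and the user `bob` are constructed.

```python
import os, tempfile

def parse_acl(path):
    """Read a vfile dovecot-acl file into {identifier: set(rights)}; None if absent."""
    if not os.path.isfile(path):
        return None
    acl = {}
    with open(path) as fh:
        for line in fh:
            ident, _, rights = line.strip().partition(" ")
            if ident:
                acl[ident] = set(rights.split(":")[0].strip())  # ignore named rights
    return acl

def audit(mail_root):
    """Return (folder, issue) pairs for one user's Maildir++ tree."""
    folders = [""] + sorted(d for d in os.listdir(mail_root)
                            if d.startswith(".") and os.path.isdir(os.path.join(mail_root, d)))
    acls = {f: parse_acl(os.path.join(mail_root, f, "dovecot-acl")) for f in folders}
    findings = []
    for f in folders:
        acl, name = acls[f], f or "(mail root)"
        if acl is None:
            findings.append((name, "no dovecot-acl file"))
            continue
        for ident in ("anyone", "authenticated"):
            if ident in acl:
                findings.append((name, f"{ident} has rights {''.join(sorted(acl[ident]))}"))
        parent_name = f.rsplit(".", 1)[0]  # '.A.B' -> '.A'; '.A' -> '' (mail root)
        parent = acls.get(parent_name) if f else None
        if parent is not None and acl != parent:
            findings.append((name, f"ACL differs from parent {parent_name or '(mail root)'}"))
    return findings

def build_sample(root):
    """Constructed sample: one copied ACL, one drifted child, one folder without ACL."""
    shared = "owner lrwstipekxa\nuser=bob lrwstipek\n"  # 'bob' is a made-up user
    layout = {"": shared, ".Projects": shared, ".Trash": None,
              ".Projects.Old": "owner lrwstipekxa\nuser=bob lr\nanyone lr\n"}
    for folder, acl in layout.items():
        os.makedirs(os.path.join(root, folder, "cur"), exist_ok=True)
        if acl is not None:
            with open(os.path.join(root, folder, "dovecot-acl"), "w") as fh:
                fh.write(acl)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit(tmp), sep="\n")
```

A difference from the parent is not necessarily a fault; it marks folders whose rights were set or changed independently and are worth a manual look.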
participants (1)
-
Achim Gottinger