Hello everybody,
we're using shared mailboxes as an archive to which everyone has full rights, set with doveadm. The rights look like this:
doveadm acl get -u bob@example.com shared/archive@example.com
ID Global Rights
user=bob@example.com admin create delete expunge insert lookup
post read write write-deleted write-seen
Looking at this, I would think I should be able to move an existing folder to shared/archive@example.com. But I get a "permission denied".
A rawlog session from trying to copy looks like this:
1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE NOTIFY ACL RIGHTS=texk] Logged in
* ID ("name" "Dovecot")
2 OK ID completed (0.001 + 0.000 secs).
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1510573115] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
3 OK [READ-WRITE] Select completed (0.005 + 0.000 + 0.004 secs).
* MYRIGHTS shared/archive@example.com/IT-Sachen/blablub lrwstipekxacd
4 OK Myrights completed (0.001 + 0.000 secs).
+ idling
* OK Still here
5 OK Idle completed (4.007 + 4.006 + 4.006 secs).
6 OK NOOP completed (0.001 + 0.000 secs).
+ idling
7 OK Idle completed (42.014 + 42.013 + 42.013 secs).
8 OK List completed (0.015 + 0.000 + 0.014 secs).
9 OK Close completed (0.001 + 0.000 secs).
10 NO [NOPERM] Permission denied (0.005 + 0.000 + 0.004 secs).
I don't understand why there's a permission denied, because doveadm tells me something else. The shared mailbox folder is the inbox of the account archive@example.com.
What has to be changed so that it's possible to save messages or to create folders in, or respectively under, a shared inbox, or is this not possible?
Any suggestion is welcome.
TIA,
Thomas
My configuration:
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 2.6.32-696.13.2.el6.x86_64 x86_64 CentOS release 6.9 (Final) ext4
auth_debug = yes
auth_debug_passwords = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
doveadm_password = # hidden, use -P to show it
doveadm_port = 12345
imap_max_line_length = 2 M
mail_debug = yes
mail_location = maildir:/export/home/imap/%Lu/Maildir
mail_plugins = acl mail_log notify
mailbox_idle_check_interval = 10 secs
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace {
  hidden = no
  ignore_on_failure = no
  inbox = no
  list = children
  location = maildir:%%h/Maildir:INDEXPVT=%h/shared/%%u
  prefix = shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
namespace inbox {
  hidden = no
  inbox = yes
  list = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX/
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  acl_shared_dict = file:/export/home/shared-db/shared-mailboxes
  mail_log_events = append delete undelete expunge copy mailbox_delete mailbox_rename flag_change
  mail_log_fields = uid box msgid size from flags
  mail_replica = tcp:mail2.example.com
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_global = /var/lib/dovecot/sieve/global/
  sieve_user_log = ~/.dovecot.sieve.log
}
protocols = imap pop3 lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0666
    user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service config {
  unix_listener config {
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 12345
  }
  user = vmail
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_limit = 500
  process_min_avail = 20
}
service imap {
  executable = imap postlogin
}
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  executable = pop3 postlogin
}
service postlogin {
  executable = script-login -d rawlog
}
service replicator {
  unix_listener replicator-doveadm {
    mode = 0666
  }
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/mail2.example.com.crt_chain
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!EXPORT
ssl_key = # hidden, use -P to show it
ssl_protocols = !SSLv3 !SSLv2
syslog_facility = local6
userdb {
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  driver = ldap
}
protocol lmtp {
  mail_plugins = acl mail_log notify sieve
}
protocol imap {
  mail_max_userip_connections = 100
  mail_plugins = acl mail_log notify imap_acl
  rawlog_dir = /tmp/rawlog/%u
}
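Added example, not part of the original post: a check that the rights `doveadm acl get` lists for a user and the letter string in the rawlog's MYRIGHTS reply describe the same set, using the RFC 4314 letters and the right names Dovecot prints. The function names are illustrative, and the parser assumes the Global column is empty, as it is in the post.

```python
import re

# RFC 4314 right letters and the right names doveadm prints for them.
LETTER_TO_NAME = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}
# Legacy RFC 2086 letters; RFC 4314 keeps them as virtual rights that mirror
# k/x ("c") and e/t/x ("d"), so they add nothing to the set.
VIRTUAL = set("cd")

def parse_myrights(line):
    """Return (mailbox, set of right names) from an untagged MYRIGHTS reply."""
    m = re.match(r'^\*\s+MYRIGHTS\s+("(?:[^"\\]|\\.)*"|\S+)\s+(\S+)\s*$', line)
    if not m:
        raise ValueError("not a MYRIGHTS response: %r" % line)
    mailbox, letters = m.group(1).strip('"'), m.group(2)
    unknown = set(letters) - set(LETTER_TO_NAME) - VIRTUAL
    if unknown:
        raise ValueError("unknown right letters: %s" % "".join(sorted(unknown)))
    return mailbox, {LETTER_TO_NAME[c] for c in letters if c not in VIRTUAL}

def parse_doveadm_acl(output, identifier):
    """Collect the right names listed for one ID in 'doveadm acl get' output."""
    rights, active = set(), False
    for line in output.splitlines():
        words = line.split()
        if not words or words[:2] == ["ID", "Global"]:
            continue  # blank line or column header
        if "=" in words[0] or words[0] in ("anyone", "authenticated", "owner"):
            active = words[0] == identifier
            words = words[1:]
        if active:
            rights |= set(words)  # wrapped lines carry only right names
    return rights

def compare(doveadm_output, identifier, myrights_line):
    """Return (only_in_doveadm, only_in_imap) as sorted lists of right names."""
    acl = parse_doveadm_acl(doveadm_output, identifier)
    _, imap = parse_myrights(myrights_line)
    return sorted(acl - imap), sorted(imap - acl)

# Sample input: values from the post, MYRIGHTS line in IMAP wire form ("*").
DOVEADM = """ID Global Rights
user=bob@example.com admin create delete expunge insert lookup
post read write write-deleted write-seen"""
MYRIGHTS = "* MYRIGHTS shared/archive@example.com/IT-Sachen/blablub lrwstipekxacd"
```

For the values in the post, `compare(DOVEADM, "user=bob@example.com", MYRIGHTS)` returns two empty lists: the ACL reported by doveadm and the rights the IMAP session reports for `shared/archive@example.com/IT-Sachen/blablub` are the same eleven rights.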