ACL syntax for setting specified folders within Maildir/ read-only for owner
Hi,
I have dovecot (2.2.16, see dovecot -n at end) installed to /opt on CentOS 6 for access on a local network. I would like to create an archival mail account which will reduce the primary account file size and still make older emails easily accessible. How can I set specified folders in this Maildir read-only with ACL? For example, I included this in the dovecot-acl file to specify protected folders in the archives@ Maildir but it did not work:
"Email 2013/*" user=archives lrs
"Email 2014/*" user=archives lrs
Also tried this on folders without spaces with no success (the folders were still delete-able by the user via the Thunderbird client). Each "Email..." folder has several child folders that should also be read-only.
BTW, what is the maximum size for a Maildir that Dovecot can comfortably handle?
Thanks!
Kepa
dovecot -n:
# 2.2.16: /opt/dovecot/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-504.12.2.el6.x86_64 x86_64 CentOS release 6.6 (Final)
mail_location = maildir:~/Maildir
mail_plugins = acl
namespace inbox {
  inbox = yes
  location = [mailbox info ...]
plugin {
  acl = vfile:/opt/dovecot/etc/dovecot/dovecot-acl
}
protocols = imap
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl_cert =
On Fri, 3 Apr 2015, kepa wrote:
> I have dovecot (2.2.16, see dovecot -n at end) installed to /opt on CentOS 6 for access on a local network. I would like to create an archival mail account which will reduce the primary account file size and still make older emails easily accessible. How can I set specified folders in this Maildir read-only with ACL? For example, I included this in the dovecot-acl file to
see: http://wiki2.dovecot.org/ACL
There is the "owner" identifier. But, IMHO, the owner always has the permission to change the ACLs.
> specify protected folders in the archives@ Maildir but it did not work:
> "Email 2013/*" user=archives lrs
> "Email 2014/*" user=archives lrs
The user is named "archives"?
> Also tried this on folders without spaces with no success (the folders were still delete-able by the user via the Thunderbird client). Each "Email..." folder has several child folders that should also be read-only.
Better to use the doveadm acl add command to change ACLs. For whatever reason, I found the ACLs may not take effect immediately otherwise. If you really want to have read-only submailboxes, you need to do it via filesystem permissions.
> BTW, what is the maximum size for a Maildir that Dovecot can comfortably handle?
I haven't found a mail client that could cope with Dovecot's limits, so I cannot say. Or to phrase this sentence differently, if there was trouble, the client couldn't cope with the number of messages.
Steffen Kaiser
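The doveadm route suggested in the reply, as an added example that is not part of the thread or of Dovecot itself: it sets lookup/read/write-seen (the long names for `lrs`) on each archive mailbox and then reads back the effective rights, so a folder that is still writable shows up immediately. It uses `doveadm acl set` rather than `acl add` because `add` keeps rights the identifier already has; the function names, the `--apply` switch and the whitespace-separated output of `doveadm acl rights` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Account, identifier and folder names
# are the ones in the original post; everything else is an assumption.
DOVEADM=${DOVEADM:-doveadm}
ACL_USER=archives
ACL_ID=user=archives
RO_RIGHTS="lookup read write-seen"      # doveadm long names for l, r, s

# Print every right in "$1" that goes beyond RO_RIGHTS.
# Assumes "doveadm acl rights" prints the rights separated by whitespace.
extra_rights() {
    out=
    for r in $1; do
        case " $RO_RIGHTS " in
            *" $r "*) ;;
            *) out="${out:+$out }$r" ;;
        esac
    done
    printf '%s\n' "$out"
}

# stdin: mailbox names, one per line. Sets the ACL on each mailbox, then
# reads back the effective rights and reports whether they are read-only.
check_mailboxes() {
    while IFS= read -r mbox; do
        [ -n "$mbox" ] || continue
        "$DOVEADM" acl set -u "$ACL_USER" "$mbox" "$ACL_ID" $RO_RIGHTS \
            </dev/null || return 1
        rights=$("$DOVEADM" acl rights -u "$ACL_USER" "$mbox" </dev/null)
        extra=$(extra_rights "$rights")
        if [ -n "$extra" ]; then
            printf 'NOT read-only: %s (%s)\n' "$mbox" "$extra"
        else
            printf 'read-only: %s\n' "$mbox"
        fi
    done
}

# "*" in a doveadm mailbox mask also matches the hierarchy separator, so
# each mask covers the parent folder and all of its children.
if [ "${1:-}" = "--apply" ]; then
    "$DOVEADM" mailbox list -u "$ACL_USER" 'Email 2013*' 'Email 2014*' |
        check_mailboxes
fi
```

Any mailbox reported as `NOT read-only` still grants the listed rights to the account, which is the case where the reply's filesystem-permission approach applies.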