Recursive doveadm acl add for shared mailbox
Hello,
I have a shared mailbox (e.g. "info@example.org") and want to give a new user (e.g. "john.doe@example.org") access.
I can use: doveadm acl add -u info@example.org INBOX user=john.doe@example.org create delete expunge insert lookup post read write write-deleted write-seen
Unfortunately, the shared mailbox contains several nested folders. And the new user needs to access these, too.
So I probably had to use doveadm acl add -u info@example.org .INBOX.SubfolderXY user=john.doe@example.org create delete expunge insert lookup post read write write-deleted write-seen ... for each and every subfolder.
Is there a way to give permissions recursively? INBOX and all (sub-)subfolders?
And, by the way, do I have to use doveadm acl recalc -u info@example.org OR doveadm acl recalc -u john.doe@example.org after that? At the moment I always do both.
Thank you! Reg
On 17/12/2024 13:40 EET r.barclay--- via dovecot <dovecot@dovecot.org> wrote:
> Hello,
> I have a shared mailbox (e.g. "info@example.org") and want to give a new user (e.g. "john.doe@example.org") access.
> I can use: doveadm acl add -u info@example.org INBOX user=john.doe@example.org create delete expunge insert lookup post read write write-deleted write-seen
> Unfortunately, the shared mailbox contains several nested folders. And the new user needs to access these, too.
> So I probably had to use doveadm acl add -u info@example.org .INBOX.SubfolderXY user=john.doe@example.org create delete expunge insert lookup post read write write-deleted write-seen ... for each and every subfolder.
> Is there a way to give permissions recursively? INBOX and all (sub-)subfolders?
> And, by the way, do I have to use doveadm acl recalc -u info@example.org OR doveadm acl recalc -u john.doe@example.org after that? At the moment I always do both.
> Thank you! Reg
Please see https://doc.dovecot.org/2.3/configuration_manual/acl/#acl-inheritance-and-de...
Aki
> Please see https://doc.dovecot.org/2.3/configuration_manual/acl/#acl-inheritance-and-de...
Thank you for your quick response!
I've already read that page multiple times but I'm still not sure what I could do.
If doveadm has no such feature, one could think about writing a shell script that queries all Maildir (sub)folders and runs the doveadm acl add for each entry. But I guess someone else must have had this task before me, so I hoped there is a "standard approach".
And, one more question: Is "doveadm acl recalc -u" for the shared mailbox or for the single user that is given access or must it be run for both?
> If doveadm has no such feature, one could think about writing a shell script that queries all Maildir (sub)folders and runs the doveadm acl add for each entry. But I guess someone else must have had this task before me, so I hoped there is a "standard approach".
A more portable approach than getting subfolders is to get all mailboxes with
    doveadm mailbox list -u $user
It's what I do in one of our scripts.
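
Added example (not from any poster in this thread, nor from the Dovecot project): the loop discussed above, feeding the output of doveadm mailbox list into doveadm acl add, with dry-run as the default and the rights passed as arguments so the grant can be narrower than the full set. DOVEADM, DRY_RUN and grant_acl_all are names chosen for this sketch.

```sh
#!/bin/sh
# Added example: apply one ACL entry to every mailbox of a shared account.
# DOVEADM, DRY_RUN and grant_acl_all are names chosen for this sketch.

DOVEADM=${DOVEADM:-doveadm}   # overridable, e.g. with a full path or a test stub
DRY_RUN=${DRY_RUN:-1}         # 1 = only print what would change; 0 = apply

# grant_acl_all OWNER GRANTEE RIGHT [RIGHT ...]
# Prints one status line per mailbox; returns non-zero if any step failed.
grant_acl_all() {
    if [ "$#" -lt 3 ]; then
        echo "usage: grant_acl_all OWNER GRANTEE RIGHT [RIGHT ...]" >&2
        return 2
    fi
    owner=$1 grantee=$2
    shift 2   # "$@" now holds only the rights

    # Fetch the list first so a failing "mailbox list" aborts the run
    # instead of looking like an account without folders.
    list=$("$DOVEADM" mailbox list -u "$owner") || return 1
    failed=0

    # One mailbox per line; IFS= and -r keep spaces and backslashes intact.
    while IFS= read -r mbox; do
        [ -n "$mbox" ] || continue
        if [ "$DRY_RUN" = 1 ]; then
            echo "would grant: $mbox"
        elif "$DOVEADM" acl add -u "$owner" "$mbox" "user=$grantee" "$@" </dev/null; then
            echo "granted: $mbox"
        else
            echo "FAILED: $mbox" >&2
            failed=1
        fi
    done <<EOF
$list
EOF
    return "$failed"
}

# Run only when the script is called with OWNER GRANTEE RIGHT...
if [ "$#" -ge 3 ]; then
    grant_acl_all "$@"
fi
```

Review the dry-run output first, then rerun with DRY_RUN=0; doveadm acl get -u OWNER MAILBOX shows the resulting entries for a given mailbox.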
participants (3): Aki Tuomi, Markus Bach, r.barclay@habmalnefrage.de