[Dovecot] Per-user seen flags for public read-only mailboxes
Hi,
I have some trouble getting per-user SEEN-flags to work with read-only mailboxes in a public namespace. Basically, I'm following the wiki at http://wiki2.dovecot.org/SharedMailboxes/Public#Maildir:_Per-user_.2BAFw-See... and the relevant configuration is as follows:
namespace { inbox = yes location = prefix = separator = / type = private } namespace { location = maildir:/srv/mail/public:LAYOUT=fs:INDEX=~/public prefix = Public/ separator = / subscriptions = no type = public } plugin { acl = vfile ... } protocol imap { mail_plugins = " acl quota trash zlib autocreate imap_acl imap_quota imap_zlib" }
I have a virtual-user setup with static userdb and there is no permissions problem since everything is created through dovecot:
mail_gid = vmail mail_location = mdbox:~/mdbox mail_uid = vmail [...] userdb { args = uid=vmail gid=vmail home=/srv/mail/virtual/%n driver = static }
The content of /srv/mail/public/dovecot-acl (and the one of all mailboxes below it) is:
owner lrwstipekxa authenticated lr
Users can access all mailboxes in the Public/ namespace and read the messages and I can see that dovecot.index.cache and dovecot.index.log are created under ~/public, however setting the SEEN flag for a message is ignored since the mailbox is read-only. Changing the ACL from
authenticated lr
to
authenticated lrs
allows user to set the SEEN flag, but globally on the actual mailbox. How can I get per-user SEEN flags to work? The Dovecot version is 2.0.9.
Thanks,
Guido Berhoerster
On 2013-03-25 09:11, Guido Berhoerster wrote:
How can I get per-user SEEN flags to work?
Hi,
You have to create an empty file named '**dovecot-shared' in your '/srv/mail/public/' directory.
Here the reference on dovecot wiki:
http://wiki2.dovecot.org/SharedMailboxes/Public?highlight=%28dovecot-shared%...
I've waste a lot of time first time I've configure the same thing on our server ....
Cheers, Marco
--
|Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: marco.giunta AT sissa.it |
- Marco Giunta <giunta@sissa.it> [2013-03-25 08:57]:
[-- Attachment #1 --] [-- Type: multipart/alternative, Encoding: 7bit, Size: 4.8K --]
On 2013-03-25 09:11, Guido Berhoerster wrote:
How can I get per-user SEEN flags to work?
Hi,
You have to create an empty file named '**dovecot-shared' in your '/srv/mail/public/' directory.
Here the reference on dovecot wiki:
http://wiki2.dovecot.org/SharedMailboxes/Public?highlight=%28dovecot-shared%...
I've waste a lot of time first time I've configure the same thing on our server ....
D'uh, I totally overlooked that these have to be created manually. So now I've created these on the toplevel, and in every mailbox below and I've changed all dovecot-acl files from authenticated lr to authenticated lrs and restarted dovecot, yet the mailboxes are still marked read-only and setting the seen flag is ignored. Somehow I thought I did the same change to the acl files and it worked as expected (except the per-user flag of course). Anything else I have to do to allow seen flags to be set?
Guido Berhoerster
On 2013-03-25 11:07, Guido Berhoerster wrote:
Anything else I have to do to allow seen flags to be set? I've the same configuration and it works like expected :
mail_uid = vmail mail_gid = mail
namespace public { separator = / prefix = Public/ location = maildir:/path/to/public:INDEX=/path/to/indexes/%u/public subscriptions = no list = children }
Which are the permissions of file '/srv/mail/public/dovecot-shared' ???
Did you try with a new user ??
Marco
--
|Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: marco.giunta AT sissa.it |
- Marco Giunta <giunta@sissa.it> [2013-03-25 10:45]:
[-- Attachment #1 --] [-- Type: multipart/alternative, Encoding: 7bit, Size: 4.8K --]
On 2013-03-25 11:07, Guido Berhoerster wrote:
Anything else I have to do to allow seen flags to be set? I've the same configuration and it works like expected :
mail_uid = vmail mail_gid = mail
namespace public { separator = / prefix = Public/ location = maildir:/path/to/public:INDEX=/path/to/indexes/%u/public subscriptions = no list = children }
Which are the permissions of file '/srv/mail/public/dovecot-shared' ???
-rw-r-----. 1 vmail vmail 0 Mar 25 10:22 /srv/mail/public/dovecot-shared
So readable by dovecot, even if they weren't the seen flag should be set on the actual mailbox I suppose.
Did you try with a new user ??
Yeah, I created a new user and also tried removing dovecot-acl-list to no avail. Is there any cache that might cause the ACL not to be updated?
Is "authenticated lrs" in the dovecot-acl correct for a read-only mailbox for which only the seen flag can be set?
Guido Berhoerster
On 2013-03-25 11:59, Guido Berhoerster wrote:
Is "authenticated lrs" in the dovecot-acl correct for a read-only mailbox for which only the seen flag can be set?
We are using 'anyone' instead of 'authenticated', but I don't think this could be the problem:
# cat |/path/to/public/dovecot-acl|
anyone lrs user=johndoe lrwstipekxa
--
|Marco Giunta - SISSA Computer Staff| |Via Bonomea, 265 | |34136 - Trieste, Italy | |Tel: +39-40-3787-503 | |Fax: +39-040-3787-244 | |e-mail: marco.giunta AT sissa.it |
On Mon, 2013-03-25 at 11:59 +0100, Guido Berhoerster wrote:
Which are the permissions of file '/srv/mail/public/dovecot-shared' ???
-rw-r-----. 1 vmail vmail 0 Mar 25 10:22 /srv/mail/public/dovecot-shared
So readable by dovecot, even if they weren't the seen flag should be set on the actual mailbox I suppose.
Did you try with a new user ??
Yeah, I created a new user and also tried removing dovecot-acl-list to no avail. Is there any cache that might cause the ACL not to be updated?
Is "authenticated lrs" in the dovecot-acl correct for a read-only mailbox for which only the seen flag can be set?
Find out if the problem is setting the seen flag, or something more generic with ACLs. So easiest way to test private seen flags: Disable ACL plugin.
- Timo Sirainen <tss@iki.fi> [2013-03-25 13:29]:
On Mon, 2013-03-25 at 11:59 +0100, Guido Berhoerster wrote:
Which are the permissions of file '/srv/mail/public/dovecot-shared' ???
-rw-r-----. 1 vmail vmail 0 Mar 25 10:22 /srv/mail/public/dovecot-shared
So readable by dovecot, even if they weren't the seen flag should be set on the actual mailbox I suppose.
Did you try with a new user ??
Yeah, I created a new user and also tried removing dovecot-acl-list to no avail. Is there any cache that might cause the ACL not to be updated?
Is "authenticated lrs" in the dovecot-acl correct for a read-only mailbox for which only the seen flag can be set?
Find out if the problem is setting the seen flag, or something more generic with ACLs. So easiest way to test private seen flags: Disable ACL plugin.
Disabling the ACL plugin makes it work and the seen flags are stored per-user. So it is apparently a problem with ACLs. Here is the contents of the only mailbox in the Public/ namespace:
drwxrwx---. 3 root vmail 4096 Mar 25 15:31 /srv/mail/public -rw-rw----. 1 vmail vmail 36 Mar 25 10:41 /srv/mail/public/dovecot-acl -rw-rw----. 1 vmail vmail 0 Mar 25 15:31 /srv/mail/public/dovecot-acl-list -rw-------. 1 vmail vmail 30 Mar 25 15:27 /srv/mail/public/maildirsize drwxrwx---. 5 vmail vmail 4096 Mar 25 15:32 /srv/mail/public/Test -rw-rw----. 1 vmail vmail 36 Mar 25 10:41 /srv/mail/public/Test/dovecot-acl drwxrwx---. 2 vmail vmail 4096 Mar 25 15:27 /srv/mail/public/Test/tmp drwxrwx---. 2 vmail vmail 4096 Mar 25 15:27 /srv/mail/public/Test/cur -rw-rw----. 1 vmail vmail 592 Mar 9 15:17 /srv/mail/public/Test/cur/634c300070443b517913000020523daa:2,S -rw-rw----. 1 vmail vmail 556 Mar 13 19:13 /srv/mail/public/Test/cur/626be511e4c14051bf1a000020523daa:2,S drwxrwx---. 2 vmail vmail 4096 Mar 25 15:24 /srv/mail/public/Test/new -rw-rw----. 1 vmail vmail 0 Mar 25 15:24 /srv/mail/public/Test/dovecot-shared -rw-rw----. 1 vmail vmail 123 Mar 25 15:27 /srv/mail/public/Test/dovecot-uidlist -rw-r-----. 1 vmail vmail 0 Mar 25 10:22 /srv/mail/public/dovecot-shared -r--r--r--. 1 vmail vmail 0 Mar 25 15:26 /srv/mail/public/dovecot-uidvalidity.51505eac -rw-rw----. 1 vmail vmail 8 Mar 25 15:26 /srv/mail/public/dovecot-uidvalidity
$ cat /srv/mail/public/dovecot-acl /srv/mail/public/Test/dovecot-acl owner lrwstipekxa authenticated lrs owner lrwstipekxa authenticated lrs
ACL related configuration:
mail_plugins = " acl quota trash zlib"
plugin { acl = vfile ... } protocol lmtp { mail_plugins = " acl quota trash zlib sieve" } protocol lda { mail_plugins = " acl quota trash zlib sieve" } protocol imap { mail_plugins = " acl quota trash zlib autocreate imap_acl imap_quota imap_zlib" }
Any idea what the problem could be here?
Guido Berhoerster
I should probably add that the ACL file in the public mailbox is read correctly according to the logs: Mar 25 15:53:34 imap(gber@test.invalid): Debug: acl vfile: reading file /srv/mail/public/Test/dovecot-acl
Guido Berhoerster
- Timo Sirainen <tss@iki.fi> [2013-03-25 12:12]:
On Mon, 2013-03-25 at 11:59 +0100, Guido Berhoerster wrote:
Which are the permissions of file '/srv/mail/public/dovecot-shared' ???
-rw-r-----. 1 vmail vmail 0 Mar 25 10:22 /srv/mail/public/dovecot-shared
So readable by dovecot, even if they weren't the seen flag should be set on the actual mailbox I suppose.
Did you try with a new user ??
Yeah, I created a new user and also tried removing dovecot-acl-list to no avail. Is there any cache that might cause the ACL not to be updated?
Is "authenticated lrs" in the dovecot-acl correct for a read-only mailbox for which only the seen flag can be set?
Find out if the problem is setting the seen flag, or something more generic with ACLs. So easiest way to test private seen flags: Disable ACL plugin.
So I did some further experimenting and either disabling the ACL plugin or changing permissions to "authenticated lrws" makes a mailbox not read-only and allows storing the seen flag on a per-user basis. Am I still doing something wrong or is this a bug in dovecot 2.0.9?
Guido Berhoerster
participants (3)
-
Guido Berhoerster
-
Marco Giunta
-
Timo Sirainen