Mapping other Inbox method (symlink vs ACL)
Hi, I am trying to map a account(bob@mydomain.com) to help@mydomain.com. I would like him to see/access Inbox,Sent,Junk,Trash of help@mydomain.com . What would you reckon would be the best way to do this? ACL or Symlink?
With symlink, I dont think I will be able to set permissions. Is it possible to use ACL to get the entire email account access(the inbox, junk, sent etc.)?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 5 May 2015, Kevin Laurie wrote:
I am trying to map a account(bob@mydomain.com) to help@mydomain.com. I would like him to see/access Inbox,Sent,Junk,Trash of help@mydomain.com . What would you reckon would be the best way to do this? ACL or Symlink?
to suggest a "best way" we would need to know more about your Dovecot installation.
With symlink, I dont think I will be able to set permissions.
What permissions you are talking of?
Is it possible to use ACL to get the entire email account access(the inbox, junk, sent etc.)?
With ACLs help can allow bob to access selected mailboxes with selected IMAP permissions, if bob may access the mail storage of help on file system level. ACLs are more powerful, but require more setup.
I use both ways:
ACLs to share mailboxes in general, which appear in the users branch, and symlinks to place SPAM reporting mailboxes right into the namespace of each user.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVUmxg3z1H7kL/d9rAQLuHwf/SdVE/ZAH4Tf4/H0EacRvNEn08qUOROGq eKLpd0p/TFpbHQxfM0YLazH9QEJBIP5mpRWa5U0WVzFiLTfR1UgVPcS3xjJnq+Pl uR9/vQfUpn/B+viGCsTB8ItKCnTF892mCsiUbiFEs7BeF5jdoTOdHCsHorJL/UKa bmpTD1ORUeKcA7m075jhTVDB6jwgWRELItIx9W2sqHBu+wfWfMp5lv3qSyOXPLtH onz+aUYhzAepuAhVI36feMUEwZhzHF+3fvzJmKZJSEQ3BwEZOm0eOqeba4gk52KC rSCwLZ2aDEwAx9L95MmT+B08M6ChNOuILTiYFlv0o/3G3Qt8qhqHhA== =Q36P -----END PGP SIGNATURE-----
Dear Steffen, Thanks for your feedback. Appreciate it. By permission I mean (read, write, look-up seen). I dont think symlink will allow these features. ACL does support such features. Only problem is that I have to setacl for individual boxes (ie Inbox,Sent,Junk etc.)
On Wed, May 6, 2015 at 1:15 PM, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 5 May 2015, Kevin Laurie wrote:
I am trying to map a account(bob@mydomain.com) to help@mydomain.com. I would like him to see/access Inbox,Sent,Junk,Trash of help@mydomain.com . What would you reckon would be the best way to do this? ACL or Symlink?
to suggest a "best way" we would need to know more about your Dovecot installation.
With symlink, I dont think I will be able to set permissions.
What permissions you are talking of?
Is it possible to use ACL to get the entire email account access(the inbox, junk, sent etc.)?
With ACLs help can allow bob to access selected mailboxes with selected IMAP permissions, if bob may access the mail storage of help on file system level. ACLs are more powerful, but require more setup.
I use both ways:
ACLs to share mailboxes in general, which appear in the users branch, and symlinks to place SPAM reporting mailboxes right into the namespace of each user.
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVUmxg3z1H7kL/d9rAQLuHwf/SdVE/ZAH4Tf4/H0EacRvNEn08qUOROGq eKLpd0p/TFpbHQxfM0YLazH9QEJBIP5mpRWa5U0WVzFiLTfR1UgVPcS3xjJnq+Pl uR9/vQfUpn/B+viGCsTB8ItKCnTF892mCsiUbiFEs7BeF5jdoTOdHCsHorJL/UKa bmpTD1ORUeKcA7m075jhTVDB6jwgWRELItIx9W2sqHBu+wfWfMp5lv3qSyOXPLtH onz+aUYhzAepuAhVI36feMUEwZhzHF+3fvzJmKZJSEQ3BwEZOm0eOqeba4gk52KC rSCwLZ2aDEwAx9L95MmT+B08M6ChNOuILTiYFlv0o/3G3Qt8qhqHhA== =Q36P -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 6 May 2015, Kevin Laurie wrote:
By permission I mean (read, write, look-up seen). I dont think symlink will allow these features.
Symlinks grant all IMAP permissions, the filesystem level permits. That is, with symlinks you cannot selectivly deny permissions easily.
ACL does support such features. Only problem is that I have to setacl for individual boxes (ie Inbox,Sent,Junk etc.)
There are front ends for IMAP ACLs and more importantly for your current situation:
http://wiki2.dovecot.org/Tools/Doveadm/ACL
Works great. If you search the list, you will find posts how to grant permissions for several or all mailboxes of one account with a tool chain using "doveadm mailbox list ".
On Wed, May 6, 2015 at 1:15 PM, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 5 May 2015, Kevin Laurie wrote:
I am trying to map a account(bob@mydomain.com) to help@mydomain.com. I would like him to see/access Inbox,Sent,Junk,Trash of help@mydomain.com . What would you reckon would be the best way to do this? ACL or Symlink?
to suggest a "best way" we would need to know more about your Dovecot installation.
With symlink, I dont think I will be able to set permissions.
What permissions you are talking of?
Is it possible to use ACL to get the entire email account access(the inbox, junk, sent etc.)?
With ACLs help can allow bob to access selected mailboxes with selected IMAP permissions, if bob may access the mail storage of help on file system level. ACLs are more powerful, but require more setup.
I use both ways:
ACLs to share mailboxes in general, which appear in the users branch, and symlinks to place SPAM reporting mailboxes right into the namespace of each user.
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVUmxg3z1H7kL/d9rAQLuHwf/SdVE/ZAH4Tf4/H0EacRvNEn08qUOROGq eKLpd0p/TFpbHQxfM0YLazH9QEJBIP5mpRWa5U0WVzFiLTfR1UgVPcS3xjJnq+Pl uR9/vQfUpn/B+viGCsTB8ItKCnTF892mCsiUbiFEs7BeF5jdoTOdHCsHorJL/UKa bmpTD1ORUeKcA7m075jhTVDB6jwgWRELItIx9W2sqHBu+wfWfMp5lv3qSyOXPLtH onz+aUYhzAepuAhVI36feMUEwZhzHF+3fvzJmKZJSEQ3BwEZOm0eOqeba4gk52KC rSCwLZ2aDEwAx9L95MmT+B08M6ChNOuILTiYFlv0o/3G3Qt8qhqHhA== =Q36P -----END PGP SIGNATURE-----
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVUm+1Xz1H7kL/d9rAQKe6QgAnKH2zKVKZzfawIEwhpd4qY1fXP1dXNvA Ymzsf4i2MSG2hg8d1Nw91kxPQxmamHq98HLgHFjWy9of/5zW8I23iOAjxgJMpypY pXha/1T1W4rDoF7wnpHSWdkGtyFW4bQu3T1vNfU12bLw/d1ehdgcDjLHdYDncKyh ZZdFQ2BpPYyiHs3+KnZVqixdFna9+lEMOMJddVI1+8dTfRf3JlfZptEbhOp501ko w/slmqMzpZsx/+20QzI+pXh+jmQy0FFAJh8z0mWsnxdJqNbf9zSmSmvCy4lwirhL Mht3x2mudhcGk5l3Z+R86QxJiElEWpzdFv0JJRQp1oRwljAncasCGA== =cNmt -----END PGP SIGNATURE-----
Dear Steffan, Noted. Thanks for your feedback! Best Regards Kevin
On Wed, May 6, 2015 at 2:12 PM, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 6 May 2015, Kevin Laurie wrote:
By permission I mean (read, write, look-up seen). I dont think symlink will allow these features.
Symlinks grant all IMAP permissions, the filesystem level permits. That is, with symlinks you cannot selectivly deny permissions easily.
ACL does support such features. Only problem is that I have to setacl for individual boxes (ie Inbox,Sent,Junk etc.)
There are front ends for IMAP ACLs and more importantly for your current situation:
http://wiki2.dovecot.org/Tools/Doveadm/ACL
Works great. If you search the list, you will find posts how to grant permissions for several or all mailboxes of one account with a tool chain using "doveadm mailbox list ".
On Wed, May 6, 2015 at 1:15 PM, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 5 May 2015, Kevin Laurie wrote:
I am trying to map a account(bob@mydomain.com) to help@mydomain.com. I would like him to see/access Inbox,Sent,Junk,Trash of help@mydomain.com . What would you reckon would be the best way to do this? ACL or Symlink?
to suggest a "best way" we would need to know more about your Dovecot installation.
With symlink, I dont think I will be able to set permissions.
What permissions you are talking of?
Is it possible to use ACL to get the entire email account access(the inbox, junk, sent etc.)?
With ACLs help can allow bob to access selected mailboxes with selected IMAP permissions, if bob may access the mail storage of help on file system level. ACLs are more powerful, but require more setup.
I use both ways:
ACLs to share mailboxes in general, which appear in the users branch, and symlinks to place SPAM reporting mailboxes right into the namespace of each user.
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVUmxg3z1H7kL/d9rAQLuHwf/SdVE/ZAH4Tf4/H0EacRvNEn08qUOROGq eKLpd0p/TFpbHQxfM0YLazH9QEJBIP5mpRWa5U0WVzFiLTfR1UgVPcS3xjJnq+Pl uR9/vQfUpn/B+viGCsTB8ItKCnTF892mCsiUbiFEs7BeF5jdoTOdHCsHorJL/UKa bmpTD1ORUeKcA7m075jhTVDB6jwgWRELItIx9W2sqHBu+wfWfMp5lv3qSyOXPLtH onz+aUYhzAepuAhVI36feMUEwZhzHF+3fvzJmKZJSEQ3BwEZOm0eOqeba4gk52KC rSCwLZ2aDEwAx9L95MmT+B08M6ChNOuILTiYFlv0o/3G3Qt8qhqHhA== =Q36P -----END PGP SIGNATURE-----
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVUm+1Xz1H7kL/d9rAQKe6QgAnKH2zKVKZzfawIEwhpd4qY1fXP1dXNvA Ymzsf4i2MSG2hg8d1Nw91kxPQxmamHq98HLgHFjWy9of/5zW8I23iOAjxgJMpypY pXha/1T1W4rDoF7wnpHSWdkGtyFW4bQu3T1vNfU12bLw/d1ehdgcDjLHdYDncKyh ZZdFQ2BpPYyiHs3+KnZVqixdFna9+lEMOMJddVI1+8dTfRf3JlfZptEbhOp501ko w/slmqMzpZsx/+20QzI+pXh+jmQy0FFAJh8z0mWsnxdJqNbf9zSmSmvCy4lwirhL Mht3x2mudhcGk5l3Z+R86QxJiElEWpzdFv0JJRQp1oRwljAncasCGA== =cNmt -----END PGP SIGNATURE-----
Hi Steffan,
How do I specify the entire mailbox? I only use ACL via telnet. I tried to use *(wildcard) to indicate entire mailbox but I guess that does not work. Will keep looking but appreciate if you could advise briefly. Thanks Kevin
On Thu, May 7, 2015 at 3:05 AM, Kevin Laurie <superinterstellar@gmail.com> wrote:
Dear Steffan, Noted. Thanks for your feedback! Best Regards Kevin
On Wed, May 6, 2015 at 2:12 PM, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 6 May 2015, Kevin Laurie wrote:
By permission I mean (read, write, look-up seen). I dont think symlink will allow these features.
Symlinks grant all IMAP permissions, the filesystem level permits. That is, with symlinks you cannot selectivly deny permissions easily.
ACL does support such features. Only problem is that I have to setacl for individual boxes (ie Inbox,Sent,Junk etc.)
There are front ends for IMAP ACLs and more importantly for your current situation:
http://wiki2.dovecot.org/Tools/Doveadm/ACL
Works great. If you search the list, you will find posts how to grant permissions for several or all mailboxes of one account with a tool chain using "doveadm mailbox list ".
On Wed, May 6, 2015 at 1:15 PM, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 5 May 2015, Kevin Laurie wrote:
I am trying to map a account(bob@mydomain.com) to help@mydomain.com. I would like him to see/access Inbox,Sent,Junk,Trash of help@mydomain.com . What would you reckon would be the best way to do this? ACL or Symlink?
to suggest a "best way" we would need to know more about your Dovecot installation.
With symlink, I dont think I will be able to set permissions.
What permissions you are talking of?
Is it possible to use ACL to get the entire email account access(the inbox, junk, sent etc.)?
With ACLs help can allow bob to access selected mailboxes with selected IMAP permissions, if bob may access the mail storage of help on file system level. ACLs are more powerful, but require more setup.
I use both ways:
ACLs to share mailboxes in general, which appear in the users branch, and symlinks to place SPAM reporting mailboxes right into the namespace of each user.
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVUmxg3z1H7kL/d9rAQLuHwf/SdVE/ZAH4Tf4/H0EacRvNEn08qUOROGq eKLpd0p/TFpbHQxfM0YLazH9QEJBIP5mpRWa5U0WVzFiLTfR1UgVPcS3xjJnq+Pl uR9/vQfUpn/B+viGCsTB8ItKCnTF892mCsiUbiFEs7BeF5jdoTOdHCsHorJL/UKa bmpTD1ORUeKcA7m075jhTVDB6jwgWRELItIx9W2sqHBu+wfWfMp5lv3qSyOXPLtH onz+aUYhzAepuAhVI36feMUEwZhzHF+3fvzJmKZJSEQ3BwEZOm0eOqeba4gk52KC rSCwLZ2aDEwAx9L95MmT+B08M6ChNOuILTiYFlv0o/3G3Qt8qhqHhA== =Q36P -----END PGP SIGNATURE-----
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVUm+1Xz1H7kL/d9rAQKe6QgAnKH2zKVKZzfawIEwhpd4qY1fXP1dXNvA Ymzsf4i2MSG2hg8d1Nw91kxPQxmamHq98HLgHFjWy9of/5zW8I23iOAjxgJMpypY pXha/1T1W4rDoF7wnpHSWdkGtyFW4bQu3T1vNfU12bLw/d1ehdgcDjLHdYDncKyh ZZdFQ2BpPYyiHs3+KnZVqixdFna9+lEMOMJddVI1+8dTfRf3JlfZptEbhOp501ko w/slmqMzpZsx/+20QzI+pXh+jmQy0FFAJh8z0mWsnxdJqNbf9zSmSmvCy4lwirhL Mht3x2mudhcGk5l3Z+R86QxJiElEWpzdFv0JJRQp1oRwljAncasCGA== =cNmt -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 7 May 2015, Kevin Laurie wrote:
How do I specify the entire mailbox? I only use ACL via telnet. I tried to use *(wildcard) to indicate entire mailbox but I guess that does not work.
IMAP ACLs do work for one mailbox (in the meaning of one mail folder) only. The command line tool doveadm, that you can run on the mail server itself, can do it easily.
If you need to do it over IMAP, use some scripting.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVUr7rnz1H7kL/d9rAQLA3wf+P1Gpus/htx3wQ3XHi7YMwKdZ+ufmqlfj pQz8IqAiBjV2N0GFO4m0Elk5bamSFkI+MjzdYgAJEAG6O7ArJTIhwORPkiTDMcCY pfMHOufegPjVQsKjCvGLrhX48q9uxk/ww1itCPb4egVwgIZovdvrEFpMbXuLnSUz Uh4nTrQ7fUA5EgDciZK7jZAmMmXZRvophPEj/zIG8bDGYA6VvevhRYiUJ45On6Dc jwJV3+o81E63yNiBhiWwsuIGhNHjAQ0JMrdznB+58pLXvkNgs4OvqFK/8TykGay8 fXnZOTtrYa8sKVA9gZFzp8m6brkvCuQGB7UEJLszA0N9EcrXcUpxWQ== =2tdP -----END PGP SIGNATURE-----
participants (2)
-
Kevin Laurie
-
Steffen Kaiser