[Dovecot] ACLs - creating new top level folders
Hi,
I'm wondering whether it's possible to define an ACL on the mailbox itself. We use Dovecot 1.2.15 (included in Debian 6) and the maildir filesystem layout:
Inbox:
  /home/mail01/user1/Maildir/new
  /home/mail01/user1/Maildir/cur
  /home/mail01/user1/Maildir/tmp
folder1:
  /home/mail01/user1/Maildir/.folder1/new
  /home/mail01/user1/Maildir/.folder1/cur
  /home/mail01/user1/Maildir/.folder1/tmp
...
Assigning an ACL with full access rights for user2 to the folder Inbox works as expected. user2 can create subfolders of Inbox, too. But he can't create a new folder like folder1 parallel to Inbox. Is there a possibility of defining an ACL on the mailbox of user1 itself? Or do we need to create all subfolders beneath Inbox, as is usual with other IMAP servers?
Ingo
/usr/sbin/dovecot -c /etc/dovecot/dovecot-test.conf -n
# 1.2.15: /etc/dovecot/dovecot-test.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.7
base_dir: /var/run/dovecot-test/
log_path(default): /var/log/dovecot-test/error.log
log_path(imap): /var/log/dovecot-test/error.log
log_path(pop3): /var/log/dovecot-test/error.log
log_path(managesieve): /var/log/dovecot-test/managesieve.log
info_log_path(default): /var/log/dovecot-test/info.log
info_log_path(imap): /var/log/dovecot-test/info.log
info_log_path(pop3): /var/log/dovecot-test/info.log
info_log_path(managesieve): /var/log/dovecot-test/managesieve.log
protocols: imap imaps pop3 pop3s managesieve
listen(default): *:10143
listen(imap): *:10143
listen(pop3): *:10110
listen(managesieve): *:12000
ssl_listen(default): *:10943
ssl_listen(imap): *:10943
ssl_listen(pop3): *:10995
ssl_listen(managesieve):
ssl_cert_file: /etc/ssl/certs/imap-cert.pem
ssl_key_file: /etc/ssl/private/imap-key.pem
shutdown_clients: no
login_dir: /var/run/dovecot-test//login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
login_max_processes_count: 4096
max_mail_processes: 4096
verbose_proctitle: yes
mail_location: maildir:~/Maildir:INDEX=/srv/dovecot/index/%u:CONTROL=/srv/dovecot/control/%u
maildir_copy_preserve_filename: yes
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_process_size: 1024
mail_plugins(default): fts fts_squat acl imap_acl
mail_plugins(imap): fts fts_squat acl imap_acl
mail_plugins(pop3):
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
pop3_lock_session(default): no
pop3_lock_session(imap): no
pop3_lock_session(pop3): yes
pop3_lock_session(managesieve): no
pop3_uidl_format(default): %08Xu%08Xv
pop3_uidl_format(imap): %08Xu%08Xv
pop3_uidl_format(pop3): %08Xv%08Xu
pop3_uidl_format(managesieve): %08Xu%08Xv
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: shared
  separator: /
  prefix: Other Users/%%u/
  location: maildir:%%h/Maildir:INDEX=/srv/dovecot/index/%%u:CONTROL=/srv/dovecot/control/%%u
  list: children
lda:
  postmaster_address: postmaster@...
  mail_plugins: sieve acl
  quota_full_tempfail: yes
  auth_socket_path: /var/run/dovecot-test/auth-master
  log_path: /var/log/dovecot-test/deliver.log
  info_log_path: /var/log/dovecot-test/deliver.log
auth default:
  cache_size: 1024
  cache_negative_ttl: 0
  username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@~
  master_user_separator: *
  debug: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot/dovecot-passwd.masterusers
    pass: yes
    master: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot/dovecot-passwd
  passdb:
    driver: pam
  userdb:
    driver: passwd-file
    args: /etc/dovecot/dovecot-passwd
  socket:
    type: listen
    client:
      path: /var/run/dovecot-test/auth-client
      mode: 384
      user: vmail
    master:
      path: /var/run/dovecot-test/auth-master
      mode: 384
      user: vmail
plugin:
  acl: vfile
  acl_shared_dict: file:/srv/dovecot/lib/shared-mailboxes
  sieve: ~/.dovecot.sieve
  sieve_dir: ~/.pysieved
  fts: squat
  fts_squat: partial=4 full=10
Hello,
I haven't found a solution for this problem yet.
Is it possible to define an ACL which allows a user to create a new top-level folder in a foreign mailbox that is accessible in a shared namespace?
Creating subfolders within existing top-level folders (like Inbox) works if an appropriate dovecot-acl exists. But in a usual maildir structure there is no parent folder for top-level folders in which I could place a dovecot-acl file.
Ingo
On 17.05.2013 02:46, Ingo Rogalsky wrote:
Hi,
I'm wondering whether it's possible to define an ACL on the mailbox itself. We use Dovecot 1.2.15 (included in Debian 6) and the maildir filesystem layout:
Inbox:
  /home/mail01/user1/Maildir/new
  /home/mail01/user1/Maildir/cur
  /home/mail01/user1/Maildir/tmp
folder1:
  /home/mail01/user1/Maildir/.folder1/new
  /home/mail01/user1/Maildir/.folder1/cur
  /home/mail01/user1/Maildir/.folder1/tmp
...
Assigning an ACL with full access rights for user2 to the folder Inbox works as expected. user2 can create subfolders of Inbox, too. But he can't create a new folder like folder1 parallel to Inbox. Is there a possibility of defining an ACL on the mailbox of user1 itself? Or do we need to create all subfolders beneath Inbox, as is usual with other IMAP servers?
Ingo
With v2.2.2: http://hg.dovecot.org/dovecot-2.2/rev/714dfc072d60
Doesn't work for public namespaces though.
On 22.5.2013, at 18.33, rog7993@web.de wrote:
Hello,
I didn't found a solution for this problem until now.
Is it possible to define an ACL, which allows an user to create a new top level folder in a foreign mailbox which is accessible in a shared namespace?
Creating subfolders within existing top level folders (like Inbox) works, if an appropriate dovecot-acl exists. But in an usual maildir structure, there is no parent folder for top level folders, in which I could place a dovecot-acl file.
Ingo
Hello,
On 22.05.2013 18:35, Timo Sirainen wrote:
With v2.2.2: http://hg.dovecot.org/dovecot-2.2/rev/714dfc072d60
Doesn't work for public namespaces though.
Thanks for this hint. It seems I should upgrade our server in the near future.
Public namespaces do not have this problem. While I was looking for a solution for my problem, I also played with them instead of a shared namespace. With this config snippet:
namespace public {
  separator = /
  prefix = "Shared\ Folders/"
  location = maildir:/home/mail01/shared/Maildir:INDEX=/srv/dovecot/index/shared:CONTROL=/srv/dovecot/control/shared
  subscriptions = no
  list = children
}
This leads to this folder layout:
/home/mail01/shared/Maildir/.project1/cur
/home/mail01/shared/Maildir/.project1/new
/home/mail01/shared/Maildir/.project1/tmp
/home/mail01/shared/Maildir/.project1/dovecot-acl
/home/mail01/shared/Maildir/.project1.bbbb/cur
/home/mail01/shared/Maildir/.project1.bbbb/new
/home/mail01/shared/Maildir/.project1.bbbb/tmp
/home/mail01/shared/Maildir/.project1.bbbb/dovecot-acl
/home/mail01/shared/Maildir/.project1.bbbb/maildirfolder
/home/mail01/shared/Maildir/.project1.jjjjj/cur
/home/mail01/shared/Maildir/.project1.jjjjj/new
/home/mail01/shared/Maildir/.project1.jjjjj/tmp
/home/mail01/shared/Maildir/.project1.jjjjj/dovecot-acl
/home/mail01/shared/Maildir/.project1.jjjjj/maildirfolder
Now I have a parent folder, where I can place the dovecot-acl file:
/home/mail01/shared/Maildir/.project1/
Probably because this folder is not handled as INBOX, as it is with private and shared namespaces. It would be a little tricky to put new mail into these kinds of folders with the Dovecot LDA, but it could be done. The next question would be where to put Sieve scripts. The main reason why I don't like this solution is the fear that it could be problematic from a performance point of view. Access permissions of public namespaces are not listed in the file "shared-mailboxes". What if the folder "/home/mail01/shared/Maildir" contains some thousand subfolders? Is this a problem, because every IMAP process has to open all the dovecot-acl files in these directories?
Ingo Rogalsky
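Both situations in this thread (an ACL on INBOX that lets user2 create INBOX subfolders but not top-level folders in a shared namespace, and a public namespace where the top-level folder .project1 carries the dovecot-acl that governs its children) come down to the same rule: CREATE of "X/Y" is decided by the "k" right in the dovecot-acl of the parent mailbox "X", and a top-level folder beside INBOX has no parent mailbox directory in Maildir++ to carry such a file. The script below is an added example written for this page; it is not Dovecot code and not something posted in the thread. It builds a constructed Maildir++ tree in a temporary directory, parses vfile-style dovecot-acl files and answers "may this user create this mailbox?" by that rule. Assumptions, all mine: rights merge as the union of matching positive entries minus matching negative ("-" prefixed) entries, a simplified reading of Dovecot's lookup rather than its exact algorithm; with no dovecot-acl file the owner has all rights and nobody else has any; namespace prefixes such as "Other Users/%u/" are not modelled, one namespace root per call; the users user1/user2/user3 and the group "reviewers" are invented.

```python
"""Model of how Dovecot's vfile ACL backend gates IMAP CREATE in a Maildir++
tree. Added example, not Dovecot code. Assumptions: vfile format is one
"<identifier> <rights>" entry per line with a leading "-" for negative
rights; rights merge as union of matching positive entries minus matching
negative ones (a simplified reading of Dovecot's lookup); with no
dovecot-acl file the owner has all rights and nobody else any; namespace
prefixes are not modelled (one namespace root per call)."""
import os
import tempfile

# Right letters: l lookup, r read, w write flags, s write seen, t write deleted,
# i insert, p post, e expunge, k create subfolders, x delete mailbox, a admin.
RIGHTS = frozenset("lrwstipekxa")
CREATE = "k"


def parse_acl(text):
    """Return [(identifier, set_of_rights, is_negative)] for dovecot-acl text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        rights = parts[1].strip() if len(parts) > 1 else ""
        unknown = set(rights) - RIGHTS
        if unknown:
            raise ValueError("unknown right(s) %s in %r" % ("".join(sorted(unknown)), line))
        entries.append((parts[0].lstrip("-"), set(rights), parts[0].startswith("-")))
    return entries


def effective_rights(entries, user, groups=(), owner=None):
    """Union of matching positive entries, then matching negative ones removed."""
    def applies(ident):
        return (ident in ("anyone", "authenticated")  # only logged-in users modelled
                or (ident == "owner" and user == owner)
                or ident == "user=" + user
                or any(ident in ("group=" + g, "group-override=" + g) for g in groups))

    rights = set()
    for ident, r, negative in entries:
        if applies(ident) and not negative:
            rights |= r
    for ident, r, negative in entries:
        if applies(ident) and negative:
            rights -= r
    return rights


def mailbox_dir(root, mailbox):
    """Maildir++: INBOX is the root directory itself; "a/b" lives in ".a.b" beside it."""
    return root if mailbox.upper() == "INBOX" else os.path.join(root, "." + mailbox.replace("/", "."))


def mailbox_rights(root, mailbox, user, groups=(), owner=None):
    """Rights of `user` on one mailbox, read from that mailbox's dovecot-acl file."""
    path = os.path.join(mailbox_dir(root, mailbox), "dovecot-acl")
    if not os.path.exists(path):
        return set(RIGHTS) if user == owner else set()  # assumed default, see docstring
    with open(path) as fh:
        return effective_rights(parse_acl(fh.read()), user, groups, owner)


def can_create(root, new_mailbox, user, groups=(), owner=None):
    """CREATE "X/Y" needs 'k' on parent "X". A top-level "Y" has no parent mailbox
    directory in Maildir++, so no dovecot-acl file can grant it: the thread's gap."""
    parent, sep, _ = new_mailbox.rpartition("/")
    if not sep:
        return user == owner, "no parent mailbox to carry an ACL; owner only"
    rights = mailbox_rights(root, parent, user, groups, owner)
    return CREATE in rights, "parent %r grants %s" % (parent, "".join(sorted(rights)) or "nothing")


def acl_files_under(root):
    """dovecot-acl files a LIST over this root may have to read (the per-folder
    cost asked about for a public namespace with thousands of subfolders)."""
    dirs = [""] + [n for n in os.listdir(root) if n.startswith(".")]
    return sum(os.path.isfile(os.path.join(root, d, "dovecot-acl")) for d in dirs)


def build_demo(root=None):
    """Constructed sample tree mirroring the thread's layout (invented names/ACLs)."""
    if root is None:
        root = os.path.join(tempfile.mkdtemp(prefix="dovecot-acl-demo-"), "Maildir")
    layout = {
        "INBOX": "user=user2 lrwstipekxa\n",  # full rights on INBOX, including k
        "INBOX/sub": None,                    # subfolder without any ACL file
        "folder1": "user=user2 lrwstipekxa\ngroup=reviewers lr\n-user=user2 x\n",
    }
    for name, acl in layout.items():
        d = mailbox_dir(root, name)
        for sub in ("cur", "new", "tmp"):
            os.makedirs(os.path.join(d, sub), exist_ok=True)
        if acl is not None:
            with open(os.path.join(d, "dovecot-acl"), "w") as fh:
                fh.write(acl)
    return root


if __name__ == "__main__":
    root = build_demo()
    for box in ("INBOX/sub2", "folder1/child", "folder2"):
        ok, why = can_create(root, box, "user2", owner="user1")
        print("%-14s user2 may create: %-5s (%s)" % (box, ok, why))
    print("dovecot-acl files under root:", acl_files_under(root))
```

Running it reports that user2 may create "INBOX/sub2" and "folder1/child" (both parents grant k) but not "folder2", because the top-level mailbox has no parent and only the owner passes; the same function applied to a public namespace root such as /home/mail01/shared/Maildir gives the same answer for a new top-level project folder, which matches the remark that the v2.2.2 change does not cover public namespaces. acl_files_under only counts the files a listing could touch; it says nothing about how Dovecot caches them, so it bounds the performance question rather than answering it.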
participants (3)
- Ingo Rogalsky
- rog7993@web.de
- Timo Sirainen