[Dovecot] Acl, Namespace, User Confusion

Jim Horner jhorner at arinbe.com
Sat Aug 19 20:48:03 EEST 2006

> namespace public {
>    separator = .
>    prefix = COMPANY.
>    users = someuser @somegroup
>    location =
> maildir:/home/services/mail/arinbe.com/company/Maildir:CONTROL=%h/shared-se
>ttings/company/control:INDEX=%h/shared-settings/rootmail/index hidden = no
> }

Just to close this out (can be read as "hopefully help someone else" or "I 
like to hear myself talk")...

After spending a few days beating my head against a wall, I finally got this 
to work... 

I had to read and re-read 
http://www.dovecot.org/list/dovecot/2006-June/013683.html. A dovecot-acl file 
is not read from the namespace. So for namespace folders I had to use the 
global vfile:/etc/dovecot-acl folder to create permissions. A dovecot-acl 
file in one of the shared folders trumps the permissions from global vfile:. 
The peculiar feature piece is that because namespace folders are not read it 
doesn't matter for the virtual user. In other words if I have a user named 
company and share its folders, only the company user will read the 
dovecot-acl in its folders. Other users accessing that folder as a shared 
resource will read the global vfile: acl files. This feature worked out great 
for me.

Using the acl plug-in will "turn off" public namespaces until acl files are 
put into place. This was hard to understand at first.

Separating things or locking folders down with unix group permissions is 
pretty much futile. I had to put all my users in all my hosted domains in the 
same group and open the shared folders permissions to 770 (or 660).

All in all, I am happy with the result.



More information about the dovecot mailing list