[Dovecot] Dovecot public folders ACL
Jeff Turner
jeff at atlassian.com
Mon Aug 28 03:52:13 EEST 2006
After trying and failing to do the same thing, I'm also curious about
this. Do ACLs simply not work with shared folders? If so, what's the
point of ACLs? Only shared resources need access control in the first
place.
--Jeff
On Thu, Aug 17, 2006 at 12:24:35PM +0300, typus vulgaris wrote:
> Hi, all!
>
> I'm new to dovecot but trying to set up read-only public folders for
> different user groups.
>
> My goal is to create several public folders such as sales, operation
> etc. with a per-user index.
>
> But I have a problem which I can't resolve with Google and Dovecot.Org.
>
> Now users can see and subscribe to the test folder "share", but I can't
> block the ability to delete messages via ACL.
>
> Here are the file system permissions:
>
> public/.share ]> ls -la
> total 12
> drwxrwx--- 5 share mail 512 17 авг 12:17 .
> drwxrwx--- 6 root mail 512 17 авг 11:04 ..
> drwxrwx--- 2 share mail 512 17 авг 11:18 cur
> -rwxrwx--- 1 root mail 21 17 авг 10:36 dovecot-acl
> -rwxrwx--- 1 root mail 0 16 авг 17:56 dovecot-shared
> drwxrwx--- 2 share mail 512 17 авг 11:17 new
> drwxrwx--- 2 share mail 512 17 авг 11:17 tmp
>
> my dovecot-acl file:
>
> public/.share ]> cat dovecot-acl
> owner lr
> user=typ lr
>
> But user typ can delete messages. The ACL seems to be working, though,
> because if I remove the letter 'l' from typ's setting he cannot see the folder.
>
> Here is my config:
> ----------8<------------
> protocols = imap
> ssl_disable = yes
> disable_plaintext_auth = no
> shutdown_clients = yes
> log_path = /var/log/dovecot/sys.log
> info_log_path = /var/log/dovecot/info.log
> login_process_size = 64
> verbose_proctitle = yes
> first_valid_gid = 0
> mail_extra_groups = mail
> default_mail_env = mbox:/var/mail/%u:INDEX=/home/user/%u:INBOX=/var/mail/%u
> namespace private {
> separator = /
> prefix =
> location = maildir:/home/user/%u/.maildir
> inbox = yes
> }
> namespace public {
> separator = /
> prefix = Public/
> location = maildir:/home/user/public:CONTROL=/home/user/%u/public/control:INDEX=/home/user/%u/public/index
> hidden = no
> inbox = no
> }
> mbox_read_locks = fcntl
> mbox_write_locks = dotlock fcntl
> mbox_lock_timeout = 300
> mbox_very_dirty_syncs = yes
> umask = 0007
> protocol imap {
> listen = 192.168.101.1:143
> mail_plugins = acl
> imap_client_workarounds = delay-newmail outlook-idle
> }
>
> protocol pop3 {
> pop3_uidl_format = %08Xu%08Xv
> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> }
> auth default {
> mechanisms = plain
> passdb pam {
> }
> userdb passwd {
> }
> user = root
> }
> plugin {
> }
> -----------------8<--------------
>
>
> --
> typus
> vulgaris