[Dovecot] Dovecot public folders ACL

Mon Aug 28 10:54:12 EEST 2006

Hi Jeff,

After I have read this post from your namesake I have made it works!
http://dovecot.org/pipermail/dovecot/2006-August/015634.html

Main idea is that dovecot-acl file in public/shared folder is read
only by owner!

To make it read by other users you have to define global vfile folder
in plugin ACL.

I have defined in dovecot.conf like this:

plugin {
      acl = vfile:/usr/local/etc/dovecot-acls
}

As I have folder separator /  I have to create in
/usr/local/etc/dovecot-acls folders that named as my public folders in
location for public folders like this:
/usr/local/etc/dovecot-acls/share/ as I have public folder in
/home/user/public/.share/

In /home/user/public/.share/ I have created dovecot-share file and in
/usr/local/etc/dovecot-acls/share/ I have created .DEFAUL file which
contain real ACL:
user=someuser lr

And it did the trick!

So I want to say that http://wiki.dovecot.org/ACL does not clearly
explain the process :(

Hope my post will help someone...

PS. Thanks to Jeff Horner for make it clear for me...

2006/8/28, Jeff Turner <jeff at atlassian.com>:
> After trying and failing to do the same thing, I'm also curious about
> this. Do ACLs simply not work with shared folders? If so, what's the
> point of ACLs? Only shared resources need access control in the first
> place.
>
>
> --Jeff
>
> On Thu, Aug 17, 2006 at 12:24:35PM +0300, typus vulgaris wrote:
> > Hi, all!
> >
> > I'm new to dovecot but trying to setup read-only public folders for
> > different user groups.
> >
> > My goal is to create several public folder such as sales, operation
> > etc with per user index.
> >
> > But I have some problem which I can't resolve with Google and Dovecot.Org.
> >
> > Now users can see and subscribe to test folder "share", but I can't
> > block ability to delete messages via ACL.
> >
> > Here is file system permissions:
> >
> > public/.share ]> ls -la
> > total 12
> > drwxrwx---  5 share  mail  512 17 авг 12:17 .
> > drwxrwx---  6 root   mail  512 17 авг 11:04 ..
> > drwxrwx---  2 share  mail  512 17 авг 11:18 cur
> > -rwxrwx---  1 root   mail   21 17 авг 10:36 dovecot-acl
> > -rwxrwx---  1 root   mail    0 16 авг 17:56 dovecot-shared
> > drwxrwx---  2 share  mail  512 17 авг 11:17 new
> > drwxrwx---  2 share  mail  512 17 авг 11:17 tmp
> >
> > my dovecot-acl file:
> >
> > public/.share ]> cat dovecot-acl
> > owner lr
> > user=typ lr
> >
> > But user typ can delete messages. But ACL seems working because if I
> > remove letter 'l' from typ's setting he cannot see the folder.
> >
> > Here is my config:
> > ----------8<------------
> > protocols = imap
> > ssl_disable = yes
> > disable_plaintext_auth = no
> > shutdown_clients = yes
> > log_path = /var/log/dovecot/sys.log
> > info_log_path = /var/log/dovecot/info.log
> > login_process_size = 64
> > verbose_proctitle = yes
> > first_valid_gid = 0
> > mail_extra_groups = mail
> > default_mail_env = mbox:/var/mail/%u:INDEX=/home/user/%u:INBOX=/var/mail/%u
> > namespace private {
> >   separator = /
> >   prefix =
> >   location = maildir:/home/user/%u/.maildir
> >   inbox = yes
> > }
> > namespace public {
> >  separator = /
> >  prefix = Public/
> >  location =
> >  maildir:/home/user/public:CONTROL=/home/user/%u/public/control:INDEX=/home/user/%u/public/index
> >  hidden = no
> >  inbox  = no
> > }
> > mbox_read_locks = fcntl
> > mbox_write_locks = dotlock fcntl
> > mbox_lock_timeout = 300
> > mbox_very_dirty_syncs = yes
> > umask = 0007
> > protocol imap {
> >     listen = 192.168.101.1:143
> >  mail_plugins = acl
> >   imap_client_workarounds = delay-newmail outlook-idle
> > }
> >
> > protocol pop3 {
> >  pop3_uidl_format = %08Xu%08Xv
> >  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> > }
> > auth default {
> >  mechanisms = plain
> >  passdb pam {
> >  }
> >  userdb passwd {
> >  }
> >  user = root
> > }
> > plugin {
> > }
> > -----------------8<--------------
> >
> >
> > --
> > typus
> > vulgaris
>

-- 
typus
vulgaris