[Dovecot] Public Namespace and ACLs with pure virtual users

Timo Sirainen tss at iki.fi
Mon Jun 4 04:28:56 EEST 2007


On Wed, 2007-05-23 at 17:30 +0200, Marc Delling wrote:
> first of all: this works to some point but is such a configuration  
> valid? can a public namespace be the maildir of a user?

Yes.

> now the problem:
> the whole mail system runs with one uid/gid and virtual users, which  
> has the effect that some user can delete mails in the public  
> namespace or drop mails into it, create folders etc. this is not  
> wanted. i wanted a read-only public namespace. so i decided to use  
> acls. as namespace prefixes are ignored i needed to create them  
> globally. 

That's exactly the reason why I think you shouldn't use global ACLs. You
could instead create a dovecot-acl file in the maildir itself.

> /etc/dovecot/acls/Support:
> 
> owner lrwstiekxa
> authenticated lr
> 
> which led to the result that other users than all at mydomain cannot
> manipulate the public namespace at all, including setting their /Seen
> flag. that was the first surprise to me as i thought this flag would
> be managed separately in the users' homes.

Well, yes, but you're explicitly telling the ACL plugin to prevent even
that.

> after a (very short) thought i came to this (allow setting the /Seen  
> flag for others):
> 
> owner lrwstiekxa
> authenticated lrs
> 
> which led to another unexpected result: the /Seen flag is now set
> globally. if one user marks a mail /Seen, it is /Seen for all other
> users too.

The ACL plugin shouldn't have anything to do with that decision. The \Seen
flag is stored privately if you have created a dovecot-shared file in the
maildir. There isn't yet support for separate shared and private flags
(and I'm not sure if there ever will be).
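
The read-only requirement discussed in this thread can be checked mechanically. The following is an added example, not part of the original message and not Dovecot code: a small auditor that parses ACL lines of the form quoted above and reports every non-owner identifier that can still alter the mailbox. The function names and the `LOOSE` sample are assumptions made for illustration; the right letters are those of Dovecot's ACL plugin.

```python
# Added example: audit ACL lines for a public mailbox meant to be read-only.
# Simplified parser: handles only plain "identifier rights" lines as quoted in the thread.
RIGHTS = {
    "l": "lookup", "r": "read", "w": "write flags", "s": "write \\Seen",
    "t": "write \\Deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create child mailboxes", "x": "delete mailbox", "a": "admin",
}
MUTATING = set("wtipekxa")  # rights that change messages, folders or ACLs


def parse_acl(text):
    """Return {identifier: set of right letters}; reject unknown letters."""
    acl = {}
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts:
            continue  # blank line
        ident = parts[0]
        rights = parts[1].strip() if len(parts) > 1 else ""
        unknown = set(rights) - set(RIGHTS)
        if unknown:
            raise ValueError(f"unknown right(s) {sorted(unknown)} for {ident!r}")
        acl[ident] = set(rights)
    return acl


def audit_read_only(acl, exempt=("owner",)):
    """Return (identifier, finding) pairs for identifiers that are not read-only."""
    findings = []
    for ident, rights in sorted(acl.items()):
        if ident in exempt:
            continue
        for r in sorted(rights & MUTATING):
            findings.append((ident, f"can modify mailbox: {r} ({RIGHTS[r]})"))
        if "s" in rights:
            # Per the reply above, \Seen is private only with a dovecot-shared file.
            findings.append((ident, "s granted: \\Seen is shared unless "
                                    "the maildir has a dovecot-shared file"))
    return findings


FIRST = "owner lrwstiekxa\nauthenticated lr\n"      # first ACL from the thread
SECOND = "owner lrwstiekxa\nauthenticated lrs\n"    # second ACL from the thread
LOOSE = "owner lrwstiekxa\nauthenticated lrwsi\n"   # constructed counter-example

if __name__ == "__main__":
    for name, text in (("FIRST", FIRST), ("SECOND", SECOND), ("LOOSE", LOOSE)):
        for ident, finding in audit_read_only(parse_acl(text)) or [("-", "read-only")]:
            print(f"{name}: {ident}: {finding}")
```
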