[Dovecot] Public (Shared Folders) ACL Questions

Timo Sirainen tss at iki.fi
Thu Sep 11 23:30:27 EEST 2008


On Thu, 2008-09-04 at 19:07 +1200, Mailing List wrote:
> I'm trying to set up a public namespace so that a set of IMAP folders
> are available to all staff - similar to MS Exchange Public Folders.
> 
> I've managed to set up the namespace correctly but I'm having trouble
> with the ACLs. The global ACL file is the only method I can get to work.
> 
> All I want to do is to allow 1 user admin privileges to create & delete
> anything but all other users should only be able to create not delete.
> Reading through the mailing list I thought a /etc/dovecot-acls/.DEFAULT
> file would be suitable but what should be put in here to achieve what I
> want?

If you aren't already using v1.1, upgrade to it. Otherwise this just
isn't going to work right.

Next, put the .DEFAULT file in the correct directory. If you have, for
example, the namespace prefix "Shared/", put it in
/etc/dovecot-acls/Shared/.DEFAULT.

>  Are you able to use wildcards somehow within this file, i.e.:
> ----------------------------------------
> owner lrwstiekxa

Public mailboxes have no owner. This isn't doing anything.

> user=admin@domain.com lrwstiekxa

ok.

> user=*@domain.com lrw

Wildcards don't work currently, but you could use:

anyone lrw

> Does this .DEFAULT file only apply to the public (shared) namespace or
> will it affect private mailboxes also?

Put it under the right prefix, and it only applies there.

> If I was to create a specific global acl file for a specific folder
> which would take precedence, the .DEFAULT acls or the specific folder
> acls?

Folder specific. Also note that .DEFAULT currently isn't recursive, so
if you created a foo/bar mailbox, it wouldn't have any ACLs by default and
no-one would be able to access it. You'd need
/etc/dovecot-acls/foo/.DEFAULT for that.

> Also an "INBOX" is shown within the public folders namespace but no
> folder exists in the public folders maildir hierarchy - any ideas how I
> can stop this?

Sounds like you're using v1.0, which does this.
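The lookup rules from this reply (folder-specific file first, then a non-recursive .DEFAULT, otherwise no access), modeled as an added Python example that is not part of the original message or of Dovecot's own code. The `Shared/announce` file, the mailbox and user names, and the rule that a `user=` entry takes priority over `anyone` are assumptions; the delete-related rights letters follow RFC 4314.

```python
# Constructed model of a global ACL directory (/etc/dovecot-acls in the thread).
# Keys are paths relative to that directory; values are the file contents.
ACL_FILES = {
    # The two entries that survive the review in the reply above.
    "Shared/.DEFAULT": "user=admin@domain.com lrwstiekxa\nanyone lrw\n",
    # Hypothetical folder-specific file, added to show precedence.
    "Shared/announce": "user=admin@domain.com lrwstiekxa\nanyone lr\n",
}

# RFC 4314 letters that remove data: x = delete mailbox, e = expunge,
# t = set the \Deleted flag.
DELETE_RIGHTS = set("xet")


def acl_file_for(mailbox, files=ACL_FILES):
    """Return the ACL file that applies to a mailbox, or None if there is none."""
    if mailbox in files:  # a folder-specific file wins over .DEFAULT
        return mailbox
    parent = mailbox.rpartition("/")[0]
    default = f"{parent}/.DEFAULT" if parent else ".DEFAULT"
    # .DEFAULT is not recursive: only the mailbox's own directory is checked.
    return default if default in files else None


def rights_for(user, mailbox, files=ACL_FILES):
    """Rights string for a user on a mailbox; '' means no access at all."""
    name = acl_file_for(mailbox, files)
    if name is None:
        return ""
    entries = dict(
        line.split(None, 1) for line in files[name].splitlines() if line.strip()
    )
    # Assumption: a matching user= entry takes priority over "anyone".
    return entries.get(f"user={user}", entries.get("anyone", "")).strip()


def can_delete(user, mailbox, files=ACL_FILES):
    """True if the user holds any delete-related right on the mailbox."""
    return bool(DELETE_RIGHTS & set(rights_for(user, mailbox, files)))


if __name__ == "__main__":
    for box in ("Shared/projects", "Shared/announce", "Shared/projects/2008"):
        for who in ("admin@domain.com", "bob@domain.com"):
            print(box, who, repr(rights_for(who, box)), can_delete(who, box))
```

Running it over a planned folder tree before creating the mailboxes shows which nested folders would end up with no ACL file at all.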