[Dovecot] Dovecot, Shared Mailboxes (via symlink), and ACLs

proton-sss michael at proton-sss.ru
Tue Oct 27 23:25:43 EET 2009


Hello!
I think, if you keep maildirs by different uid then you must change file 
permissions to permit access to shared maildir.
I don't know about procmail delivery options, but in Dovecot's "deliver" - 
if you create in shared maildir file called "dovecot-shared", then 
deliver will keep permissions like this file.

After long experiments I chose Dovecot's v1.2 shared maildir scheme with 
IMAP ACLs.

Best Regards!
Michael

27.10.2009 22:51, Dave wrote:
> Hello!  I just joined the list and will be happy to help where I can in
> my limited experience, but also come to the table with a question.  I
> think there's something I'm missing regarding shared mailboxes and ACLs,
> so I will describe my situation and see if I am understanding correctly
> (running Dovecot 1.1.10).  I have read over the Dovecot Wiki many times
> and have scoured many forums but still can't seem to find a solution.
>
> I have an IMAP mailbox that is working fine (user imapuser), so the
> maildir and related structure is in:  /home/imapuser/Maildir
>
> I have another IMAP mailbox for another imap user, newuser1, also
> working fine, with maildir and related structure in:  
> /home/newuser1/Maildir
>
> I have created a symlink under newuser1's Maildir to imapuser's Maildir
> so as to give newuser1 access to the things in imapuser's inbox.  I
> have also symlinked inside the newuser1 Maildir to a folder under
> imapuser's inbox, let's call it "MailingList", basically setting up
> something like:
>
> /home/newuser1/Maildir:
> cur/
> .imapuserinbox -> /home/imapuser/Maildir
> .imapusermailinglist -> /home/imapuser/Maildir/MailingList
> new/
> tmp/
> (... and various other Dovecot-related files, nothing ACL related.)
>
> Now, I have gotten the shared boxes to work IF I changed the permissions
> to be rwx for user and group on /home/imapuser/Maildir/*, but this makes
> procmail (and .procmailrc) unhappy and it starts sending things to mbox
> files (old system) instead of sending them on to the Maildir.  So that
> doesn't seem to work.  Which led me to ACLs.  Now, I've tried (after
> enabling the two appropriate lines in dovecot.conf and restarting
> dovecot, etc) both per-directory ACL files and global ACLs, and while I
> can get some things to *change* as viewed by my mail client, I can't
> seem to create consistent behavior.  I know that's fairly vague, but
> it's like I'll change something in the global ACL and folders are
> affected that I wouldn't anticipate, based on what I'm understanding of
> ACLs.
>
> So, in the example above, if I enable global ACLs, what names do I use
> to refer to those shared boxes I'm trying to access?  Do I use the link
> name I made, .imapuserinbox or .imapusermailinglist (without leading
> periods), like /etc/dovecot/acls/imapuserinbox, or is it based off of
> the original dir name?  Like do I need something like
> /etc/dovecot/acls/MailingList ?  What about the "inbox" I'm sharing in
> /home/imapuser/Maildir, how do I reference that?  Is there a way to do
> it without affecting or changing permissions of other IMAP users and
> inboxes on the same system?
>
> One thing I am receiving consistently in the error logs is:
> mail dovecot: IMAP(newuser1):
> stat(/home/newuser1/Maildir/.imapuserinbox/tmp) failed: Permission
> denied (euid=152(newuser1) egid=100(usergroup) UNIX perms seem ok, ACL
> problem?)
>
> So it seems if I get the ACL stuff right, I will be in business.  Any
> ideas??  Thanks for any help anyone can give!!
> Dave
>
>


-- 
----------------------------------------
System Administrator
ООО НПП "СПЕЦСТРОЙ-СВЯЗЬ"
Захаренко Михаил
tel. +78634 311562 ext. 478
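
Added example (not part of the original thread and not Dovecot code): a Python check for the "Permission denied" that Dave reports on the symlinked Maildir. It resolves the symlink and lists every directory whose mode bits block a given uid/gid. It reads classic UNIX mode bits only (no POSIX or Dovecot ACLs), and the function names, the second uid and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile

def allowed(st, uid, gids, want):
    """Mode-bit check in kernel order: owner class, else group class, else other."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def denied_components(path, uid, gids):
    """Return (directory, reason) pairs that keep uid/gids out of the Maildir at path."""
    real = os.path.realpath(path)              # follow the share symlink to its target
    ancestors, parent = [], os.path.dirname(real)
    while parent not in ancestors:             # climb until dirname() stops changing at "/"
        ancestors.append(parent)
        parent = os.path.dirname(parent)
    problems = [(d, "no search (x) permission") for d in reversed(ancestors)
                if not allowed(os.stat(d), uid, gids, 1)]
    # The Maildir and cur/new/tmp get rwx, the setting the original poster found to work.
    for d in [real] + [os.path.join(real, s) for s in ("cur", "new", "tmp")]:
        if os.path.isdir(d) and not allowed(os.stat(d), uid, gids, 7):
            problems.append((d, "needs rwx"))
    return problems

def build_demo(base, home_mode):
    """Constructed layout from the thread: imapuser's Maildir symlinked into newuser1's."""
    home = os.path.join(base, "imapuser")
    for sub in ("cur", "new", "tmp"):
        os.makedirs(os.path.join(home, "Maildir", sub))
    for root, _dirs, _files in os.walk(home):
        os.chmod(root, 0o770)                  # group rwx on the Maildir tree
    os.chmod(home, home_mode)                  # the home directory is the variable here
    inbox = os.path.join(base, "newuser1", "Maildir")
    os.makedirs(inbox)
    link = os.path.join(inbox, ".imapuserinbox")
    os.symlink(os.path.join(home, "Maildir"), link)
    return link

if __name__ == "__main__":
    base = os.path.realpath(tempfile.mkdtemp())
    link = build_demo(base, 0o700)
    st = os.stat(os.path.join(base, "imapuser"))
    # Hypothetical second user: a different uid that shares the directory's group.
    for d, why in denied_components(link, st.st_uid + 1, {st.st_gid}):
        print(f"{d}: {why}")
```

Run stand-alone, the demo also reports the temporary base directory, which `mkdtemp` creates with mode 0700.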


