[Dovecot] Effect of separators (was: Re: Permissions in shared folders)

Lukas Haase lukashaase at gmx.at
Tue Feb 8 17:54:33 EET 2011 

Dear list,

A dumb question: What exactly is the effect of the separator?

Is it also used to separate in the underlying file system? I.e. when I 
have the separator '/', the IMAP folder Sent/Jan is physically stored as

/home/lukas/Maildir/.Send/Jan/cur

? If this is true this would greatly solve my problem described at the 
bottom.

I have tried it myself, however, dovecot 1.2 does not allow to create a 
namespace with a separator different than my default namespace...

If this works, is there a convenient migration procedure possible to 
migrate from . to /?
The Wiki just mentions the other way (/ --> .).

Best regards,
Luke



Am 08.02.2011 11:33, schrieb Lukas Haase:
> Hi,
>
> On my mail server I want to implement shared folders for each workgroup
> where there are many workgroups.
>
> One way would be to create a separate namespace for each workgroup.
> However, this does not scale well so I decided to use a single Shared
> mailbox and use ACLs:
>
> namespace public {
> separator = .
> prefix = Shared.
> location = maildir:/var/mail/shared:CONTROL=~/Maildir/shared
> }
>
> Each workgroup should get a subfolder in "Shared". Until now, this
> works, I create .Group1, .Group2 and assign correct group permissions
> and ACL files.
>
> However, now a user from group1 wants to create a subfolder in his IMAP
> folder. Since the permissions for /var/mail/shared/.Group1 are correct
> (writeable to group1 and the user is member of group1 and 'k' ACL
> permissions are active) I would expect it to work.
>
> However, for obvious reasons, the *sub*folder is created as
>
> /var/mail/shared/.Group1.Subfolder
>
> so it is actually not a subfolder in sense of the filesystem but rather
> a folder inside /var/mail/shared
>
> However, the user does (and should) not have write permissions to
> /var/mail/shared (only to /var/mail/shared/.Group1).
>
> Is there a way to overcome this problem? Why can't dovecot just use
> /var/mail/shared/.Group1/.Subfolder? Is there an option to do so? It
> would make everything a lot easier.
>
> The one option is to make /var/mail/shared world-writeable - which is
> not really a good option.
>
> A second option might be to use ACLs and give each group write
> permissions to /var/mail/shared. However, not even this seems very
> "clean" to me.
>
> What is the best way to handle this?
>
> Best regards,
> Luke
>
>
>

More information about the dovecot mailing list