[Dovecot] Easy way to make all mailboxes of a user read-only

Timo Sirainen tss at iki.fi
Thu Apr 11 16:15:23 EEST 2013


On 11.4.2013, at 16.07, Stephan von Krawczynski <skraw at ithnet.com> wrote:

> On Thu, 11 Apr 2013 16:00:22 +0300
> Timo Sirainen <tss at iki.fi> wrote:
> 
>> On 11.4.2013, at 15.07, Stephan von Krawczynski <skraw at ithnet.com> wrote:
>> 
>>> I try to configure dovecot to make all imap accesses read-only for a certain
>>> user. I thought this would be possible by creating a global acl file (here
>>> "global-acl") like:
>> 
>> Sorry, there is still no "default ACLs" feature in Dovecot. The only semi-easy way to do what you want is using filesystem permissions.
>> 
>> This is something that really should be developed though.. But probably not until v2.3.
> 
> Oh, that is _bad_. I cannot use fs permissions because the MTA (postfix) must
> have write permissions (to the directories) to create the mail files... 

The MTA can work as it used to, if it can just set a group-read permission to the files. So your read-only user would belong to that read-only-group. I'm not sure how Postfix assigns permissions, but if it can't do that you could switch to Dovecot LDA/LMTP which can set the group correctly.



More information about the dovecot mailing list