[Dovecot] Easy way to make all mailboxes of a user read-only
Stephan von Krawczynski
skraw at ithnet.com
Thu Apr 11 16:57:23 EEST 2013
On Thu, 11 Apr 2013 16:35:32 +0300
Timo Sirainen <tss at iki.fi> wrote:
> On 11.4.2013, at 16.24, Stephan von Krawczynski <skraw at ithnet.com> wrote:
>
> >> The MTA can work as it used to, if it can just set a group-read permission to the files. So your read-only user would belong to that read-only-group. I'm not sure how Postfix assigns permissions, but if it can't do that you could switch to Dovecot LDA/LMTP which can set the group correctly.
> >
> > That is not the problem. I can set any type of permission on the mail file
> > itself. Only it does not help because dovecot nevertheless is able to move the
> > mails around or "delete" them by moving to trash box.
>
> No, the idea was to use two UNIX users:
>
> 1) the user that owns the mails and has read-write acces
>
> 2) another read-only user that does not own the mails, has only group-read access. can't do anything at all to the mails.
>
> The directories need to have similar permissions as well (750).
That's about as complicated as patching the MTA to auto-create the acl file,
which I did now. I'd say global acls would be a nice coming feature ;-)
--
Regards,
Stephan
More information about the dovecot
mailing list