[Dovecot] Easy way to make all mailboxes of a user read-only

Stephan von Krawczynski skraw at ithnet.com
Thu Apr 11 16:57:23 EEST 2013


On Thu, 11 Apr 2013 16:35:32 +0300
Timo Sirainen <tss at iki.fi> wrote:

> On 11.4.2013, at 16.24, Stephan von Krawczynski <skraw at ithnet.com> wrote:
> 
> >> The MTA can work as it used to, if it can just set a group-read permission to the files. So your read-only user would belong to that read-only-group. I'm not sure how Postfix assigns permissions, but if it can't do that you could switch to Dovecot LDA/LMTP which can set the group correctly.
> > 
> > That is not the problem. I can set any type of permission on the mail file
> > itself. Only it does not help because dovecot nevertheless is able to move the
> > mails around or "delete" them by moving to trash box.
> 
> No, the idea was to use two UNIX users:
> 
> 1) the user that owns the mails and has read-write access
> 
> 2) another read-only user that does not own the mails, has only group-read access. can't do anything at all to the mails.
> 
> The directories need to have similar permissions as well (750).

That's about as complicated as patching the MTA to auto-create the acl file,
which I did now. I'd say global acls would be a nice coming feature ;-) 

-- 
Regards,
Stephan
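
The two-user layout from the quoted reply (an owning read-write user, plus a read-only user with only group-read access and directories at 750), as an added shell example that is not part of the original thread. The 640 file mode, the function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes directories 750 as stated
# in the thread and message files 640. With r-x on directories the group
# member can list and read mail but cannot create, rename or unlink
# entries, so moving a message to another folder fails at the filesystem.

# Print every path that breaks the layout; empty output means it holds.
audit_maildir() {
    root=$1
    # Directories must be exactly rwxr-x--- (750).
    find "$root" -type d ! -perm 750 -print
    # Files: group must have read (040), must not have write (020),
    # and "other" must have no bits at all.
    find "$root" -type f \( ! -perm -040 -o -perm -020 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Bring a tree into the layout. Run as the owning (read-write) user.
fix_maildir() {
    root=$1
    find "$root" -type d -exec chmod 750 {} +
    find "$root" -type f -exec chmod 640 {} +
}

# Constructed sample tree, built in a temp directory and removed afterwards.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Maildir/cur" "$d/Maildir/new" "$d/Maildir/tmp"
    printf 'Subject: test\n\nbody\n' > "$d/Maildir/cur/msg1"
    chmod 770 "$d/Maildir/new"       # group could add or remove mail
    chmod 660 "$d/Maildir/cur/msg1"  # group could rewrite the message
    echo "before:"; audit_maildir "$d/Maildir"
    fix_maildir "$d/Maildir"
    echo "after: $(audit_maildir "$d/Maildir" | wc -l) finding(s)"
    rm -rf "$d"
}
demo
```

The mode check does not cover ownership: the files still have to belong to a group that the read-only user is a member of.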

