[Dovecot] A common, read-only IMAP INBOX for all accounts

[Gus]

Hi,

since I had no luck finding people available on IRC, I hope someone here
can provide
me with some answers to, hopefully, 2 simple questions (and have the
solution recorded
in the archives for everyone with the same need).

A little background, as the subject says it - I want to have a single INBOX
shared
among all the accounts on my system, where only one account would have
writing rights,
and all the rest would only be able to read the messages.
Note this is different than providing a shared mailbox in addition to an
INBOX - I actually
want the shared INBOX to be the one and only folder that users can see and
read as they
will not be receiving any personal mails on this system.
Naturally, I would also want that each account keeps track of read/unread
messages
independently of others.

So, this is what I came up with (showing the relevant part of configuration
only):

# Per-user mail root and private/shared INBOX namespace
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/vmail/users/%u
}
namespace {
  type = private
  separator = /
  prefix =
  location = maildir:/var/vmail/public:INDEX=~/public
  inbox = yes
}

# The ACL contents of /var/vmail/public/dovecot-acl
user=admin lrwstipekx
anyone lrs

Now, this actually results in exactly what I want (apart from a problem
I'll describe
below), but I'm not sure if it's the right way to do it. So the questions:

1. I have doubts that this solution could cause problems with dot file
locking or dovecot
data files corruption in the /var/vmail/public mailbox/directory when
multiple users access
the box simultaneously (and this could be thousands of users in
production). Is this a valid
concern and have I gone completely wrong with this solution, or there
should be no problem
with locking and I can keep it this way? If this is not the way to do it,
can someone advise on
the proper configuration that would achieve the same result, if it's
possible at all (or what are
the alternatives if it can't be done).
2. For testing purposes, I used a perl script (using the Maildir::Lite
module) to create a test
message in this mailbox (it gets stored in the new/ subdirectory, as I
suppose it should). Now
this message shows up as "unread" for all accounts, however when I read it
in an IMAP client
and then refresh the mailbox, it shows up as unread again. Per-user INDEX
directory is writable
and I see some files created there by dovecot, so shouldn't they contain
the \Seen flags that
indicate the message has been read? Is this maybe a client problem and how
can I check that
dovecot actually saves the flag correctly?

The dovecot version I'm using is 2.0.9 (from the CentOS 6.x repositories).

Thanks in advance and kind regards,
  Tin