Shared inbox?
andy at thecsillags.com
andy at thecsillags.com
Thu May 28 13:08:26 UTC 2015
Chris,
I do indeed have an acl_shared_dict set up. That may be the ticket. That makes it so that the IMAP server knows that you have acls on the other mailbox, so it can know to then look in that mailbox to find out precisely what the ACLs are.
Cheers,
Andy
May 28 2015 12:49 AM, "Chris Ross" <cross+dovecot at distal.com> wrote:
> On May 27, 2015, at 22:57 , Chris Ross <cross+dovecot at distal.com> wrote:
>
>> On May 25, 2015, at 15:55 , andy at thecsillags.com wrote:
>>> When I set them up that way, I shared the target inbox (we'll call it foo at example.com) to be
>>> accessible by user bar at example.com. When I go into my email client, I'll see something like:
>>> shared/foo at example.com/INBOX as a folder.
>>
>> When you say "set them up that way", do you mean following the example config at
>> SharedMailboxes/Shared ? In that example, a mail_location is set at the outer level, which I think
>> I don't want to do, and overridden in the shared namespace. I'm assuming I don't want either of
>> those, or at least that's what I'm going to try first.
>>
>> A question I have given your example above, is, did you set mail_shared_explicit_inbox ? It's only
>> briefly described what that effects, so I'm not sure which setting (on or off) will cause the
>> shared/foo at example.com/INBOX you describe seeing. I assume on, so I've turned it on.
>>
>>> The boxes don't have to be shared publicly if you use the "private" namespace.
>>
>> By "use the "private" namespace", do you mean specifying a separate namespace block in the config,
>> like the one is declared in the example at http://wiki2.dovecot.org/SharedMailboxes/Shared ? If so,
>> that's what I've done. If there is a way to have a single namespace declared that's both private
>> and shared, I don't see that, so I have two as presented on that wiki page.
>
> Okay. Lots of trial and error and error, and I at least have some configuration that I think
> includes pieces about shared mailboxes and ACLs, and it's actually up and running. But, I'm not
> seeing the shared folder.
>
> I was getting a lot of errors about separators (namespace configuration error: All list=yes
> namespaces must use the same separator) and prefixes (namespace configuration error: list=yes
> requires prefix=/ not to start with separator), but have it working now. The namespace private
> block from the example at http://wiki2.dovecot.org/SharedMailboxes/Public caused many of those
> problems, and I didn't have a separator configured at all (ie, was still commented out) in my main
> namespace, so that apparently conflicted with the "separator = /" in the shared namespace. But, all
> that resolved.
>
> The config file I've added into conf.d/15-shared.conf is:
>
> namespace {
> type = shared
> separator = /
> prefix = shared/%%u/
> location = maildir:/home/%%n/Maildir:INDEX=~/Maildir/shared/%%u:INDEXPVT=~/Maildir/shared/%%u
> subscriptions = no
> list = children
> }
> mail_shared_explicit_inbox = yes
> protocol imap {
> mail_plugins = $mail_plugins acl imap_acl
> }
> plugin {
> acl = vfile
> }
>
> This comes from the aforementioned wiki page. I ran the doveadm acl command you suggested (though
> my usernames have no domain part, like your example did have domain parts)
>
> Now, while dovecot is back to working, I don't see a shared folder anywhere. "doveadm mailbox list"
> lists the mailboxes for users, including the INBOX I've tried to configure an ACL to let me share.
>
> Clearly I'm missing a piece. Andy, or anyone else, if you see what I've missed, please let me know.
> I'm not seeing anything back from the server with my mail client under "Subscription List", so I
> can't choose to subscribe. Maybe I've turned off subscriptions somehow, and it's not
> auto-subscribing me? Or, maybe having "list=children", and I haven't set up the ACL correctly?
>
> I ran:
>
> sudo doveadm acl add -u childuser INBOX user=cross lookup read write write-seen write-deleted
> insert post expunge create delete admin
>
> After removing the domains from your example, that's about what you had. I can see the INBOX for
> childuser with "doveadm mailbox list -u childuser".
>
> Ahh. I think I may be on to something. I tried the "doveadm acl add" again, which seems to succeed,
> but "doveadm acl debug" then doesn't mention anything about me, or my access to childuser's INBOX.
> Running the "acl add" with "doveadm -D" shows:
>
> doveadm(childuser): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled
>
> and later:
>
> doveadm(childuser): Debug: acl vfile: Global ACLs disabled
>
> The first of those looks like it might be a problem. Do you have an "acl_shared_dict" set up in
> your config anywhere, Andy?
>
> Thanks. Any help appreciated.
>
> - Chris
More information about the dovecot
mailing list