After trying and failing to do the same thing, I'm also curious about
this. Do ACLs simply not work with shared folders? If so, what's the
point of ACLs? Only shared resources need access control in the first
place.
--Jeff
On Thu, Aug 17, 2006 at 12:24:35PM +0300, typus vulgaris wrote:
> Hi, all!
>
> I'm new to dovecot but trying to set up read-only public folders for
> different user groups.
>
> My goal is to create several public folders such as sales, operation
> etc with per user index.
>
> But I have some problem which I can't resolve with Google and
> Dovecot.Org.
>
> Now users can see and subscribe to test folder "share", but I can't
> block ability to delete messages via ACL.
>
> Here are the file system permissions:
>
> public/.share ]> ls -la
> total 12
> drwxrwx--- 5 share mail 512 17 ??? 12:17 .
> drwxrwx--- 6 root mail 512 17 ??? 11:04 ..
> drwxrwx--- 2 share mail 512 17 ??? 11:18 cur
> -rwxrwx--- 1 root mail 21 17 ??? 10:36 dovecot-acl
> -rwxrwx--- 1 root mail 0 16 ??? 17:56 dovecot-shared
> drwxrwx--- 2 share mail 512 17 ??? 11:17 new
> drwxrwx--- 2 share mail 512 17 ??? 11:17 tmp
>
> my dovecot-acl file:
>
> public/.share ]> cat dovecot-acl
> owner lr
> user=typ lr
>
> But user typ can delete messages. But the ACL seems to be working because if I
> remove letter 'l' from typ's setting he cannot see the folder.
>
> Here is my config:
> ----------8<------------
> protocols = imap
> ssl_disable = yes
> disable_plaintext_auth = no
> shutdown_clients = yes
> log_path = /var/log/dovecot/sys.log
> info_log_path = /var/log/dovecot/info.log
> login_process_size = 64
> verbose_proctitle = yes
> first_valid_gid = 0
> mail_extra_groups = mail
> default_mail_env = mbox:/var/mail/%u:INDEX=/home/user/%u:INBOX=/var/mail/%u
> namespace private {
> separator = /
> prefix
> location = maildir:/home/user/%u/.maildir
> inbox = yes
> }
> namespace public {
> separator = /
> prefix = Public/
> location = maildir:/home/user/public:CONTROL=/home/user/%u/public/control:INDEX=/home/user/%u/public/index
> hidden = no
> inbox = no
> }
> mbox_read_locks = fcntl
> mbox_write_locks = dotlock fcntl
> mbox_lock_timeout = 300
> mbox_very_dirty_syncs = yes
> umask = 0007
> protocol imap {
> listen = 192.168.101.1:143
> mail_plugins = acl
> imap_client_workarounds = delay-newmail outlook-idle
> }
>
> protocol pop3 {
> pop3_uidl_format = %08Xu%08Xv
> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> }
> auth default {
> mechanisms = plain
> passdb pam {
> }
> userdb passwd {
> }
> user = root
> }
> plugin {
> }
> -----------------8<--------------
>
>
> --
> typus vulgaris