Hello dovecot,

First poster here.

What I want : give a.chaouche at algerian-radio.dz list and read permissions on a.chaouche at backup.algerian-radio.dz. Let's just discuss sharing the inbox then I can do the same for subfolders, if any.

a.chaouche at algerian-radio.dz and a.chaouche at backup.algerian-radio.dz are two different users. Details about the domains aren't relevant here I guess.

My dovecot configuration, what I believe to be the important parts :

userdb {
  args = uid=vmail gid=vmail home=/var/vmail/%d/%n/
  driver = static
}
namespace partage {
  location = maildir:%%h:INDEX=~/%%u
  prefix = shared.%%u.
  separator = .
  type = shared
}
mail_location = Maildir:~/

Both users can access their respective inboxes just fine, I only need to give a.chaouche at algerian-radio.dz access to a.chaouche at backup.algerian-radio.dz

Full output of doveconf -n :

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.3
auth_mechanisms = plain login
debug_log_path = /var/log/dovecot.debug
disable_plaintext_auth = no
first_valid_uid = 100
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = Maildir:~/
mail_plugins = " quota acl"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
  type = private
}
namespace partage {
  hidden = no
  location = maildir:%%h:INDEX=~/%%u
  prefix = shared.%%u.
  separator = .
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  acl = vfile
  quota = maildir:User quota
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
postmaster_address = root at algerian-radio.dz
protocols = " imap lmtp sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = no
userdb {
  args = uid=vmail gid=vmail home=/var/vmail/%d/%n/
  driver = static
}
protocol lmtp {
  mail_plugins = " quota acl sieve quota"
}
protocol lda {
  mail_plugins = " quota acl sieve"
}
protocol imap {
  mail_plugins = " quota acl imap_quota imap_acl"
}

I don't know if it's possible to share folders with the doveadm acl command ?

root at messagerie[10.10.10.20] ~ # doveadm acl debug -u a.chaouche at algerian-radio.dz shared/a.chaouche at backup.algerian-radio.dz
doveadm(a.chaouche at algerian-radio.dz): Error: Can't open mailbox shared/a.chaouche at backup.algerian-radio.dz: Mailbox doesn't exist: shared/a.chaouche at backup.algerian-radio.dz
root at messagerie[10.10.10.20] ~ #

On Wed, 11 May 2016, chaouche yacine wrote:

> namespace inbox {
>   prefix = INBOX.
>   separator = .
    ^^^^^^^^
>   type = private
> }
> namespace partage {
>   hidden = no
>   location = maildir:%%h:INDEX=~/%%u
>   prefix = shared.%%u.
    ^^^^^^^^^
>   separator = .
>   type = shared
> }

looks fine for me,

> I don't know if it's possible to share folders with the doveadm acl command ?
> root at messagerie[10.10.10.20] ~ # doveadm acl debug -u a.chaouche at algerian-radio.dz shared/a.chaouche at backup.algerian-radio.dz
> doveadm(a.chaouche at algerian-radio.dz): Error: Can't open mailbox shared/a.chaouche at backup.algerian-radio.dz: Mailbox doesn't exist: shared/a.chaouche at backup.algerian-radio.dz

you are using the dot as separator, that is:

shared/a.chaouche at backup.

should spell

shared.a.chaouche at backup.

However, because there are dots in the username, too, this probably won't work, because Dovecot probably picks up "a" as username.

-- 
Steffen Kaiser

Thanks Steffen.

I went the quick'n'dirty way described at : http://wiki2.dovecot.org/SharedMailboxes/Symlinks and I must say it works fine as far as I have tested.

Here's what I did :

$ cd /var/vmail/algerian-radio.dz/a.chaouche/
$ ln -s /var/vmail/backup.algerian-radio.dz/a.chaouche/ .shared.a_chaouche at backup_algerian-radio_dz   <---- change "." to "_"

If I didn't change the dots they would appear as subfolder separators to dovecot (Maildir++ specs ?)

If you do this then a.chaouche at algerian-radio.dz can do whatever he wants with a.chaouche at backup.algerian-radio.dz mailbox. We don't want this. We want him to only read the mail, not delete it. For this, he needs two permissions : reading of course and listing, because he needs to list the emails in order to choose which one he wants to read. If he doesn't have the listing permission then the MUA would get an error when it tries to list all the messages in the inbox.

We do this by adding a dovecot-acl file in the mailbox we want to share :

root at messagerie[10.10.10.20] /var/vmail/backup.algerian-radio.dz/a.chaouche # cat dovecot-acl
user=a.chaouche at algerian-radio.dz lr
root at messagerie[10.10.10.20] /var/vmail/backup.algerian-radio.dz/a.chaouche #

This says that user a.chaouche at algerian-radio.dz has the "l" right (listing) and the "r" right (reading).

You can make sure that it's set up as expected with the acl tool :

root at messagerie[10.10.10.20] ~ # doveadm acl get -u a.chaouche at algerian-radio.dz INBOX.shared.a_chaouche at backup_algerian-radio_dz
ID                                        Global Rights
user=a.chaouche at algerian-radio.dz            lookup read
root at messagerie[10.10.10.20] ~ #

1. No need for SQL tables
2. No need for dictionary mappings
3. No need for doveadm acl commands

Yassine.
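
An audit for the symlink-plus-dovecot-acl setup described in the thread, as an added example that is not part of any poster's message: it walks the ".shared.*" symlinks in a reader's maildir and reports whether each target carries a dovecot-acl entry limited to "lr". The addresses, the temporary directory tree and the function names are constructed for illustration; addresses are written with a real "@", which the list archive shows as " at ".

```sh
# Added example: audit symlink-shared maildirs laid out as <root>/<domain>/<user>/.

# Maildir++ treats "." as the folder separator, so dots in the owner's
# address are replaced before it becomes a folder name.
share_name() {
    printf '.shared.%s\n' "$(printf '%s' "$1" | tr . _)"
}

# Print the rights letters for user $2 from vfile ACL file $1
# (lines of the form "user=<id> <rights>"); nothing if there is no entry.
acl_rights() {
    [ -f "$1" ] || return 0
    awk -v id="user=$2" '$1 == id { print $2; exit }' "$1"
}

# Classify one share ($1 = symlink, $2 = reader):
#   NOACL  no entry for the reader (the state the thread calls unrestricted)
#   BROAD  entry grants more than l (lookup) and r (read)
#   OK     entry is limited to l and r
audit_share() (
    target=$(readlink -f "$1")
    rights=$(acl_rights "$target/dovecot-acl" "$2")
    extra=$(printf '%s' "$rights" | tr -d 'lr')
    if [ -z "$rights" ]; then echo NOACL
    elif [ -n "$extra" ]; then echo BROAD
    else echo OK
    fi
)

# Audit every ".shared.*" symlink in maildir $1 for reader $2.
audit_maildir() {
    for link in "$1"/.shared.*; do
        [ -L "$link" ] || continue
        printf '%s %s\n' "$(audit_share "$link" "$2")" "${link##*/}"
    done
}

# Constructed sample tree (not from the thread); prints the reader's maildir.
make_demo_tree() {
    root=$(mktemp -d); src="$root/backup.example.org"; dst="$root/example.org/j.doe"
    mkdir -p "$dst"
    for owner in bare.box broad.box ok.box; do
        mkdir -p "$src/$owner"
        ln -s "$src/$owner" "$dst/$(share_name "$owner@backup.example.org")"
    done
    echo 'user=j.doe@example.org lrwstipek' > "$src/broad.box/dovecot-acl"
    echo 'user=j.doe@example.org lr' > "$src/ok.box/dovecot-acl"
    echo "$dst"
}
audit_maildir "$(make_demo_tree)" 'j.doe@example.org'
```

In the posted configuration every mailbox is accessed as the same vmail uid, so the dovecot-acl entry applied by the acl plugin is the only thing limiting the reader; that is why NOACL and BROAD results are the ones to follow up.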