Dear Steffan, Noted. Thanks for your feedback! Best Regards Kevin On Wed, May 6, 2015 at 2:12 PM, Steffen Kaiser <skdovecot at smail.inf.fh-brs.de> wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wed, 6 May 2015, Kevin Laurie wrote: > >> By permission I mean (read, write, look-up seen). I dont think symlink >> will allow these features. > > > Symlinks grant all IMAP permissions, the filesystem level permits. That is, > with symlinks you cannot selectivly deny permissions easily. > >> ACL does support such features. >> Only problem is that I have to setacl for individual boxes (ie >> Inbox,Sent,Junk etc.) > > > There are front ends for IMAP ACLs and more importantly for your current > situation: > > http://wiki2.dovecot.org/Tools/Doveadm/ACL > > Works great. If you search the list, you will find posts how to grant > permissions for several or all mailboxes of one account with a tool chain > using "doveadm mailbox list ". > > >> On Wed, May 6, 2015 at 1:15 PM, Steffen Kaiser >> <skdovecot at smail.inf.fh-brs.de> wrote: >>> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> On Tue, 5 May 2015, Kevin Laurie wrote: >>> >>>> I am trying to map a account(bob at mydomain.com) to help at mydomain.com. I >>>> would like him to see/access Inbox,Sent,Junk,Trash of >>>> help at mydomain.com . What would you reckon would be the best way to do >>>> this? ACL or Symlink? >>> >>> >>> >>> to suggest a "best way" we would need to know more about your Dovecot >>> installation. >>> >>>> With symlink, I dont think I will be able to set permissions. >>> >>> >>> >>> What permissions you are talking of? >>> >>>> Is it possible to use ACL to get the entire email account access(the >>>> inbox, junk, sent etc.)? >>> >>> >>> >>> With ACLs help can allow bob to access selected mailboxes with selected >>> IMAP >>> permissions, if bob may access the mail storage of help on file system >>> level. ACLs are more powerful, but require more setup. >>> >>> I use both ways: >>> >>> ACLs to share mailboxes in general, which appear in the users branch, and >>> symlinks to place SPAM reporting mailboxes right into the namespace of >>> each >>> user. >>> >>> - -- Steffen Kaiser >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1 >>> >>> iQEVAwUBVUmxg3z1H7kL/d9rAQLuHwf/SdVE/ZAH4Tf4/H0EacRvNEn08qUOROGq >>> eKLpd0p/TFpbHQxfM0YLazH9QEJBIP5mpRWa5U0WVzFiLTfR1UgVPcS3xjJnq+Pl >>> uR9/vQfUpn/B+viGCsTB8ItKCnTF892mCsiUbiFEs7BeF5jdoTOdHCsHorJL/UKa >>> bmpTD1ORUeKcA7m075jhTVDB6jwgWRELItIx9W2sqHBu+wfWfMp5lv3qSyOXPLtH >>> onz+aUYhzAepuAhVI36feMUEwZhzHF+3fvzJmKZJSEQ3BwEZOm0eOqeba4gk52KC >>> rSCwLZ2aDEwAx9L95MmT+B08M6ChNOuILTiYFlv0o/3G3Qt8qhqHhA=>>> =Q36P >>> -----END PGP SIGNATURE----- >> >> > > - -- Steffen Kaiser > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQEVAwUBVUm+1Xz1H7kL/d9rAQKe6QgAnKH2zKVKZzfawIEwhpd4qY1fXP1dXNvA > Ymzsf4i2MSG2hg8d1Nw91kxPQxmamHq98HLgHFjWy9of/5zW8I23iOAjxgJMpypY > pXha/1T1W4rDoF7wnpHSWdkGtyFW4bQu3T1vNfU12bLw/d1ehdgcDjLHdYDncKyh > ZZdFQ2BpPYyiHs3+KnZVqixdFna9+lEMOMJddVI1+8dTfRf3JlfZptEbhOp501ko > w/slmqMzpZsx/+20QzI+pXh+jmQy0FFAJh8z0mWsnxdJqNbf9zSmSmvCy4lwirhL > Mht3x2mudhcGk5l3Z+R86QxJiElEWpzdFv0JJRQp1oRwljAncasCGA=> =cNmt > -----END PGP SIGNATURE-----
Hi Steffan, How do I specify the entire mailbox? I only use ACL via telnet. I tried to use *(wildcard) to indicate entire mailbox but I guess that does not work. Will keep looking but appreciate if you could advise briefly. Thanks Kevin On Thu, May 7, 2015 at 3:05 AM, Kevin Laurie <superinterstellar at gmail.com> wrote:> Dear Steffan, > Noted. Thanks for your feedback! > Best Regards > Kevin > > On Wed, May 6, 2015 at 2:12 PM, Steffen Kaiser > <skdovecot at smail.inf.fh-brs.de> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On Wed, 6 May 2015, Kevin Laurie wrote: >> >>> By permission I mean (read, write, look-up seen). I dont think symlink >>> will allow these features. >> >> >> Symlinks grant all IMAP permissions, the filesystem level permits. That is, >> with symlinks you cannot selectivly deny permissions easily. >> >>> ACL does support such features. >>> Only problem is that I have to setacl for individual boxes (ie >>> Inbox,Sent,Junk etc.) >> >> >> There are front ends for IMAP ACLs and more importantly for your current >> situation: >> >> http://wiki2.dovecot.org/Tools/Doveadm/ACL >> >> Works great. If you search the list, you will find posts how to grant >> permissions for several or all mailboxes of one account with a tool chain >> using "doveadm mailbox list ". >> >> >>> On Wed, May 6, 2015 at 1:15 PM, Steffen Kaiser >>> <skdovecot at smail.inf.fh-brs.de> wrote: >>>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> Hash: SHA1 >>>> >>>> On Tue, 5 May 2015, Kevin Laurie wrote: >>>> >>>>> I am trying to map a account(bob at mydomain.com) to help at mydomain.com. I >>>>> would like him to see/access Inbox,Sent,Junk,Trash of >>>>> help at mydomain.com . What would you reckon would be the best way to do >>>>> this? ACL or Symlink? >>>> >>>> >>>> >>>> to suggest a "best way" we would need to know more about your Dovecot >>>> installation. >>>> >>>>> With symlink, I dont think I will be able to set permissions. >>>> >>>> >>>> >>>> What permissions you are talking of? >>>> >>>>> Is it possible to use ACL to get the entire email account access(the >>>>> inbox, junk, sent etc.)? >>>> >>>> >>>> >>>> With ACLs help can allow bob to access selected mailboxes with selected >>>> IMAP >>>> permissions, if bob may access the mail storage of help on file system >>>> level. ACLs are more powerful, but require more setup. >>>> >>>> I use both ways: >>>> >>>> ACLs to share mailboxes in general, which appear in the users branch, and >>>> symlinks to place SPAM reporting mailboxes right into the namespace of >>>> each >>>> user. >>>> >>>> - -- Steffen Kaiser >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: GnuPG v1 >>>> >>>> iQEVAwUBVUmxg3z1H7kL/d9rAQLuHwf/SdVE/ZAH4Tf4/H0EacRvNEn08qUOROGq >>>> eKLpd0p/TFpbHQxfM0YLazH9QEJBIP5mpRWa5U0WVzFiLTfR1UgVPcS3xjJnq+Pl >>>> uR9/vQfUpn/B+viGCsTB8ItKCnTF892mCsiUbiFEs7BeF5jdoTOdHCsHorJL/UKa >>>> bmpTD1ORUeKcA7m075jhTVDB6jwgWRELItIx9W2sqHBu+wfWfMp5lv3qSyOXPLtH >>>> onz+aUYhzAepuAhVI36feMUEwZhzHF+3fvzJmKZJSEQ3BwEZOm0eOqeba4gk52KC >>>> rSCwLZ2aDEwAx9L95MmT+B08M6ChNOuILTiYFlv0o/3G3Qt8qhqHhA=>>>> =Q36P >>>> -----END PGP SIGNATURE----- >>> >>> >> >> - -- Steffen Kaiser >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1 >> >> iQEVAwUBVUm+1Xz1H7kL/d9rAQKe6QgAnKH2zKVKZzfawIEwhpd4qY1fXP1dXNvA >> Ymzsf4i2MSG2hg8d1Nw91kxPQxmamHq98HLgHFjWy9of/5zW8I23iOAjxgJMpypY >> pXha/1T1W4rDoF7wnpHSWdkGtyFW4bQu3T1vNfU12bLw/d1ehdgcDjLHdYDncKyh >> ZZdFQ2BpPYyiHs3+KnZVqixdFna9+lEMOMJddVI1+8dTfRf3JlfZptEbhOp501ko >> w/slmqMzpZsx/+20QzI+pXh+jmQy0FFAJh8z0mWsnxdJqNbf9zSmSmvCy4lwirhL >> Mht3x2mudhcGk5l3Z+R86QxJiElEWpzdFv0JJRQp1oRwljAncasCGA=>> =cNmt >> -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 7 May 2015, Kevin Laurie wrote:> How do I specify the entire mailbox? > I only use ACL via telnet. I tried to use *(wildcard) to indicate > entire mailbox but I guess that does not work.IMAP ACLs do work for one mailbox (in the meaning of one mail folder) only. The command line tool doveadm, that you can run on the mail server itself, can do it easily. If you need to do it over IMAP, use some scripting. - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVUr7rnz1H7kL/d9rAQLA3wf+P1Gpus/htx3wQ3XHi7YMwKdZ+ufmqlfj pQz8IqAiBjV2N0GFO4m0Elk5bamSFkI+MjzdYgAJEAG6O7ArJTIhwORPkiTDMcCY pfMHOufegPjVQsKjCvGLrhX48q9uxk/ww1itCPb4egVwgIZovdvrEFpMbXuLnSUz Uh4nTrQ7fUA5EgDciZK7jZAmMmXZRvophPEj/zIG8bDGYA6VvevhRYiUJ45On6Dc jwJV3+o81E63yNiBhiWwsuIGhNHjAQ0JMrdznB+58pLXvkNgs4OvqFK/8TykGay8 fXnZOTtrYa8sKVA9gZFzp8m6brkvCuQGB7UEJLszA0N9EcrXcUpxWQ==2tdP -----END PGP SIGNATURE-----
Possibly Parallel Threads
- Mapping other Inbox method (symlink vs ACL)
- Mapping other Inbox method (symlink vs ACL)
- Mapping other Inbox method (symlink vs ACL)
- found a new bug: "could not make way for new symlink: path/to/symlink" when symlink has replaced folder at source
- samba share is symlink, symlink gets updated, samba doesn't catch the change