Hi at all,
I have a problem with ACL; I want to share INBOX and Sent folder to
another user, but when I configure ACL on INBOX, all folders are shared
(Sent, Junk, Draft, Trash, etc)
# doveadm acl get -u janedoe INBOX
ID Global Rights
user=johndoe expunge insert lookup post read write write-deleted write-seen
# doveadm acl get -u janedoe Sent
ID Global Rights
user=johndoe expunge insert lookup post read write write-deleted write-seen
# doveadm acl get -u janedoe Trash
ID Global Rights
# doveadm acl get -u janedoe Drafts
ID Global Rights
# doveadm acl get -u janedoe Junk
ID Global Rights
# doveadm mailbox list -u johndoe
Trash
Junk
Drafts
Sent
Archives
Archives.2015
Other Users
Other Users.janedoe
Other Users.janedoe.Junk
Other Users.janedoe.Drafts
Other Users.janedoe.Sent
Other Users.janedoe.Trash
Other Users.janedoe.INBOX
INBOX
If I remove the INBOX ACL, only 'Sent' folder is shared, as expected:
# doveadm acl delete -u janedoe INBOX johndoe
# doveadm mailbox list -u provahe
Trash
Trash.saved-messages
Junk
Drafts
Sent
INBOX_spam
Archives
Archives.2015
Archives.2015.INBOX_spam
Other Users
Other Users.janedoe
Other Users.janedoe.Sent
INBOX
My Dovecot instance uses a single user, and all my mailboxes use standard
maildir files:
drwx------ 9 vmail mail 0 Jul 28 10:59 .
drwx------ 12 vmail mail 3864 Jul 28 09:39 ..
drwx------ 2 vmail mail 0 Jul 28 09:51 cur
-rw------- 1 vmail mail 0 Jul 28 10:59 dovecot-acl
-rw------- 1 vmail mail 16 Jul 28 10:59 dovecot-acl-list
-rw------- 1 vmail mail 1448 Jul 28 09:51 dovecot.index.cache
-rw------- 1 vmail mail 1016 Jul 28 09:52 dovecot.index.log
-rw------- 1 vmail mail 113 Jul 28 09:51 dovecot-uidlist
-rw------- 1 vmail mail 8 Jul 28 09:39 dovecot-uidvalidity
-r--r--r-- 1 vmail mail 0 Jul 28 09:39 dovecot-uidvalidity.55b731ac
drwx------ 5 vmail mail 0 Jul 28 09:39 .Drafts
lrwxrwxrwx 1 vmail mail 5 Jul 28 09:39 .INBOX_spam -> .Junk
drwx------ 5 vmail mail 0 Jul 28 09:39 .Junk
-rw------- 1 vmail mail 16 Jul 28 09:39 maildirsize
drwx------ 2 vmail mail 0 Jul 28 09:51 new
drwx------ 5 vmail mail 0 Jul 28 09:50 .Sent
-rw------- 1 vmail mail 37 Jul 28 09:39 subscriptions
drwx------ 2 vmail mail 0 Jul 28 09:51 tmp
drwx------ 5 vmail mail 0 Jul 28 09:39 .Trash
Any clue to solve my problem? I've already tried to play with the
'acl_defaults_from_inbox' setting, but no way.
Thank you,
Marco
# 2.2.15: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.6 (3e924b1b6c5c+)
# OS: Linux 2.6.18-400.1.1.el5 x86_64 Red Hat Enterprise Linux Server
auth_master_user_separator = *
auth_mechanisms = plain login
disable_plaintext_auth = no
doveadm_password = XXXXXXXXXXXXXXXXXXXXXXXX
doveadm_port = 12345
first_valid_uid = 200
hostname = xxxxxxx.sissa.it
imap_client_workarounds = delay-newmail
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
lda_original_recipient_header = X-Original-To
listen = *
login_log_format_elements = user=<%u> PID=%p method=%m rip=%r lip=%l %c
login_trusted_networks = XXX.XXX.1.172/30 XXX.XXX.24.0/23
mail_gid = mail
mail_home = /var/spool/mail/%1n/%n
mail_location = maildir:/var/spool/mail/%1n/%n:INDEX=/var/shared/indexes/%1n/%n
mail_plugins = acl fts fts_solr mailbox_alias quota
mail_shared_explicit_inbox = yes
mail_uid = vmail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate imapflags notify
mbox_write_locks = fcntl
mmap_disable = yes
namespace archives {
hidden = no
inbox = no
list = children
location = maildir:/var/spool/archives/%1n/%n:INDEX=/var/shared/indexes/%1n/%n/archives
mailbox 2015 {
auto = subscribe
special_use = \Archive
}
prefix = Archives.
separator = .
subscriptions = no
type = private
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox INBOX_spam {
auto = subscribe
special_use = \Junk
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = .
}
namespace others {
list = children
location = maildir:/var/spool/mail/%%1n/%%n:INDEXPVT=/var/shared/indexes/%1n/%n/shared/%%n
prefix = Other Users.%%n.
separator = .
subscriptions = no
type = shared
}
passdb {
args = /etc/dovecot/passwd.masterusers
driver = passwd-file
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
plugin {
acl = vfile:/etc/dovecot/global-acls:cache_secs=300
acl_defaults_from_inbox = no
acl_shared_dict = file:/var/shared/dovecot/shared-mailboxes.dict
fts = solr
fts_autoindex = yes
fts_autoindex_max_recent_msgs = 20
fts_solr = url=http://solr.localdomain:8080/solr/
mailbox_alias_new = INBOX_spam
mailbox_alias_old = Junk
quota = maildir:User quota:ns
quota2 = maildir:Archive quota:ns=Archives.
quota2_rule = *:storage=20GB
quota2_warning = storage=95%% quota2-warning 95 %u
quota2_warning2 = storage=90%% quota2-warning 90 %u
quota2_warning3 = storage=80%% quota2-warning 80 %u
quota_rule = *:storage=5GB
quota_rule2 = Trash:storage=+20%%
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Quota exceeded (mailbox for user is full)
quota_status_success = DUNNO
quota_warning = storage=100%% quota-warning 100 %u
quota_warning2 = storage=95%% quota-warning 95 %u
quota_warning3 = storage=90%% quota-warning 90 %u
quota_warning4 = storage=80%% quota-warning 80 %u
sieve = file:~/sieve;active=~/sieve/.dovecot.sieve
sieve_default = /etc/dovecot/sieve/dovecot.sieve
sieve_extensions = +notify +imapflags
sieve_max_redirects = 16
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = postmaster at sissa.it
protocols = imap pop3 lmtp sieve
rejection_reason = Your message to <%t> was automatically rejected for the following reason: %n%n%r
service auth {
inet_listener {
port = 49494
}
unix_listener auth-userdb {
user = vmail
}
}
service dict {
unix_listener dict {
user = vmail
}
}
service doveadm {
inet_listener {
port = 26001
}
}
service imap-login {
process_min_avail = 16
service_count = 0
}
service imap {
process_limit = 2048
}
service lmtp {
inet_listener lmtp {
port = 24
}
process_min_avail = 5
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
process_min_avail = 16
service_count = 0
vsz_limit = 256 M
}
service quota-status {
client_limit = 1
executable = /usr/libexec/dovecot/quota-status -p postfix
inet_listener {
port = 25001
}
}
service quota-warning {
executable = script /usr/local/bin/dovecot-quota-warning.sh
unix_listener quota-warning {
user = vmail
}
user = vmail
}
service quota2-warning {
executable = script /usr/local/bin/dovecot-quota2-warning.sh
unix_listener quota2-warning {
user = vmail
}
user = vmail
}
ssl_cert = </etc/pki/dovecot/certs/xxxxx-crt.pem
ssl_key = </etc/pki/dovecot/private/Xxxxx-key.pem
ssl_protocols = !SSLv2 !SSLv3
submission_host = xxxxxx.sissa.it:25
syslog_facility = local2
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol lmtp {
mail_plugins = acl fts fts_solr mailbox_alias quota sieve
postmaster_address = xxxxxxx at sissa.it
}
protocol lda {
info_log_path =
log_path =
mail_plugins = acl fts fts_solr mailbox_alias quota sieve
syslog_facility = local2
}
protocol imap {
mail_max_userip_connections = 50
mail_plugins = acl fts fts_solr mailbox_alias quota imap_quota imap_acl
}
protocol sieve {
mail_max_userip_connections = 50
}
protocol pop3 {
mail_max_userip_connections = 50
}
--
-----------------------------------
|Marco Giunta - SISSA Computer Staff|
|Via Bonomea, 265 |
|34136 - Trieste, Italy |
|Tel: +39-40-3787-503 |
|Fax: +39-040-3787-244 |
|e-mail: giunta at sissa.it |
-----------------------------------
> On Jul 28, 2015, at 05:13, Marco Giunta <giunta at sissa.it> wrote:
>
> Hi at all,
> I have a problem with ACL; I want to share INBOX and Sent folder to an other user, but when I configure ACL on INBOX, all folders are shared (Sent, Junk, Draft, Trash, etc)

Hello, Marco. Unfortunately I don't know why you are seeing the behavior you are, and hope that someone else will be able to help.

However, you seem to have accomplished something I'm wanting to do, and have as yet been unable to get working. I have a Users INBOX that I want to share to other users, but something is wrong with the way I've configured ACLs and sharing.

Perhaps we could discuss off-list more of what your configuration looks like, and how you got there? I'm running on FreeBSD with the ports system version of dovecot2 2.2.16, currently, although I think I'm due an upgrade.

You say you have "My Dovecot instance use a single user", and I think that's different than I. My Maildir directories and files are all owned by the UNIX user that owns the file. Maybe this is causing me the permissions problems I'm seeing. Is having it all running as one [UNIX] user a typical configuration for dovecot2? Or just typical of installations using ACLs?

Thank you.

- Chris
Hi Chris,
Fortunately I've solved the problem with INBOX sharing: there is a bug
with option 'acl_defaults_from_inbox'. When you define it with ANY value
('yes', 'no', 'whatyouwant', 'xxx') it acts as if the value is ALWAYS
'yes'; the only way to disable it is to comment it out or delete it from
the configuration file.
> My Maildir directories and files are all owned by the UNIX user that owns the file.
To avoid problems with ACL, mailbox sharing and so on, I changed my
configuration from different UNIX users to a single virtual user some
years ago.
> Is having it all running as one [UNIX] user a typical configuration for dovecot2? Or just typical of installations using ACLs?
I don't know if it is typical or not, but it is very simple, and till now I
haven't seen any particular problem.
My configuration is attached in the first email; if you need some
explanation, let me know.
Marco
On 2015-07-28 16:38, Chris Ross wrote:
>
>> On Jul 28, 2015, at 05:13, Marco Giunta <giunta at sissa.it> wrote:
>>
>> Hi at all,
>> I have a problem with ACL; I want to share INBOX and Sent folder to an other user, but when I configure ACL on INBOX, all folders are shared (Sent, Junk, Draft, Trash, etc)
>
> Hello, Marco. Unfortunately I don't know why you are seeing the behavior you are, and hope that someone else will be able to help.
>
> However, you seem to have accomplished something I'm wanting to do, and have as yet been unable to get working. I have a Users INBOX that I want to share to other users, but something is wrong with the way I've configured ACLs and sharing.
>
> Perhaps we could discuss off-list more of what your configuration looks like, and how you got there? I'm running on FreeBSD with the ports system version of dovecot2 2.2.16, currently, although I think I'm due an upgrade.
>
> You say you have "My Dovecot instance use a single user", and I think that's different than I. My Maildir directories and files are all owned by the UNIX user that owns the file. Maybe this is causing me the permissions problems I'm seeing. Is having it all running as one [UNIX] user a typical configuration for dovecot2? Or just typical of installations using ACLs?
>
> Thank you.
>
> - Chris
>
--
-----------------------------------
|Marco Giunta - SISSA Computer Staff|
|Via Bonomea, 265 |
|34136 - Trieste, Italy |
|Tel: +39-40-3787-503 |
|Fax: +39-040-3787-244 |
|e-mail: giunta at sissa.it |
-----------------------------------
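The over-sharing described in this thread (an ACL set on INBOX exposing every folder to the grantee) can be checked for by comparing what the grantee sees in the shared namespace against the folders that were meant to be shared. The script below is an added example, not part of the original messages; the function names are hypothetical, and it assumes the "Other Users.<owner>." prefix from the posted configuration and allowed folder names without spaces.

```shell
#!/bin/sh
# Added example (not from the thread): report an owner's mailboxes that a
# grantee can see through the shared namespace but that were not intended
# to be shared. Function names are hypothetical.

# Sample input copied from the first message: `doveadm mailbox list -u johndoe`
# taken while the INBOX ACL was in place.
sample_listing() {
cat <<'EOF'
Trash
Junk
Drafts
Sent
Archives
Archives.2015
Other Users
Other Users.janedoe
Other Users.janedoe.Junk
Other Users.janedoe.Drafts
Other Users.janedoe.Sent
Other Users.janedoe.Trash
Other Users.janedoe.INBOX
INBOX
EOF
}

# shared_visible OWNER: read a grantee's mailbox list on stdin and print the
# owner's mailbox names found under "Other Users.<owner>." (prefix stripped).
shared_visible() {
    awk -v p="Other Users.$1." \
        'index($0, p) == 1 { print substr($0, length(p) + 1) }' | LC_ALL=C sort
}

# unexpected_shares OWNER ALLOWED...: print visible mailboxes that are not in
# the allowed list. Empty output means only the intended folders are exposed.
unexpected_shares() {
    owner=$1; shift
    allowed=" $* "
    shared_visible "$owner" | while IFS= read -r box; do
        case "$allowed" in
            *" $box "*) ;;                  # intended share
            *) printf '%s\n' "$box" ;;      # exposed without being intended
        esac
    done
}

# Live use: doveadm mailbox list -u johndoe | unexpected_shares janedoe INBOX Sent
sample_listing | unexpected_shares janedoe INBOX Sent
```

Running the same check after changing acl_defaults_from_inbox shows whether the change actually took effect.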