ACL on shared folder

T.Robers
Hello everybody,

we're using shared mailboxes as an archive to which
everyone has full rights, set with doveadm. The rights
look like this:

doveadm acl get -u [hidden email] shared/[hidden email]

ID                     Global Rights

user=[hidden email]   admin create delete expunge insert lookup \
                        post read write write-deleted write-seen

Looking at this I would think I should be able to
move an existing folder to shared/[hidden email]. But I get
a "permission denied".

A rawlog session from trying to copy looks like this:

1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY
THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT
CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES
WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE NOTIFY ACL RIGHTS=texk] Logged in
* ID ("name" "Dovecot")
2 OK ID completed (0.001 + 0.000 secs).
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1510573115] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
3 OK [READ-WRITE] Select completed (0.005 + 0.000 + 0.004 secs).
* MYRIGHTS shared/[hidden email]/IT-Sachen/blablub lrwstipekxacd
4 OK Myrights completed (0.001 + 0.000 secs).
+ idling
* OK Still here
5 OK Idle completed (4.007 + 4.006 + 4.006 secs).
6 OK NOOP completed (0.001 + 0.000 secs).
+ idling
7 OK Idle completed (42.014 + 42.013 + 42.013 secs).
8 OK List completed (0.015 + 0.000 + 0.014 secs).
9 OK Close completed (0.001 + 0.000 secs).
10 NO [NOPERM] Permission denied (0.005 + 0.000 + 0.004 secs).

I don't understand why there's a permission denied, because doveadm says something else.
The shared mailbox folder is the inbox of the account [hidden email].

What has to be changed so that it's possible to save messages or to create folders
in, resp. under, a shared inbox, or is this not possible?

Any suggestion is welcome.

Tia
Thomas

My configuration:

# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 2.6.32-696.13.2.el6.x86_64 x86_64 CentOS release 6.9 (Final) ext4
auth_debug = yes
auth_debug_passwords = yes
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
doveadm_password =  # hidden, use -P to show it
doveadm_port = 12345
imap_max_line_length = 2 M
mail_debug = yes
mail_location = maildir:/export/home/imap/%Lu/Maildir
mail_plugins = acl mail_log notify
mailbox_idle_check_interval = 10 secs
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace {
   hidden = no
   ignore_on_failure = no
   inbox = no
   list = children
   location = maildir:%%h/Maildir:INDEXPVT=%h/shared/%%u
   prefix = shared/%%u/
   separator = /
   subscriptions = yes
   type = shared
}
namespace inbox {
   hidden = no
   inbox = yes
   list = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix = INBOX/
   separator = /
   type = private
}
passdb {
   args = /etc/dovecot/master-users
   driver = passwd-file
   master = yes
}
passdb {
   args = /etc/dovecot/dovecot-ldap.conf.ext
   driver = ldap
}
plugin {
   acl = vfile:/etc/dovecot/global-acls:cache_secs=300
   acl_shared_dict = file:/export/home/shared-db/shared-mailboxes
   mail_log_events = append delete undelete expunge copy mailbox_delete mailbox_rename flag_change
   mail_log_fields = uid box msgid size from flags
   mail_replica = tcp:mail2.example.com
   sieve = ~/.dovecot.sieve
   sieve_dir = ~/sieve
   sieve_global = /var/lib/dovecot/sieve/global/
   sieve_user_log = ~/.dovecot.sieve.log
}
protocols = imap pop3 lmtp sieve
service aggregator {
   fifo_listener replication-notify-fifo {
     mode = 0666
     user = vmail
   }
   unix_listener replication-notify {
     mode = 0666
     user = vmail
   }
}
service auth {
   unix_listener /var/spool/postfix/private/auth {
     mode = 0666
   }
   unix_listener auth-userdb {
     group = vmail
     mode = 0660
     user = vmail
   }
}
service config {
   unix_listener config {
     user = vmail
   }
}
service doveadm {
   inet_listener {
     port = 12345
   }
   user = vmail
}
service imap-login {
   inet_listener imaps {
     port = 993
     ssl = yes
   }
   process_limit = 500
   process_min_avail = 20
}
service imap {
   executable = imap postlogin
}
service lmtp {
   inet_listener lmtp {
     address = 127.0.0.1
     port = 24
   }
}
service managesieve-login {
   inet_listener sieve {
     port = 4190
   }
   inet_listener sieve_deprecated {
     port = 2000
   }
}
service pop3-login {
   inet_listener pop3s {
     port = 995
     ssl = yes
   }
}
service pop3 {
   executable = pop3 postlogin
}
service postlogin {
   executable = script-login -d rawlog
}
service replicator {
   unix_listener replicator-doveadm {
     mode = 0666
   }
}
ssl = required
ssl_cert = </etc/pki/dovecot/certs/mail2.example.com.crt_chain
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!EXPORT
ssl_key =  # hidden, use -P to show it
ssl_protocols = !SSLv3 !SSLv2
syslog_facility = local6
userdb {
   args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
   driver = ldap
}
protocol lmtp {
   mail_plugins = acl mail_log notify sieve
}
protocol imap {
   mail_max_userip_connections = 100
   mail_plugins = acl mail_log notify imap_acl
   rawlog_dir = /tmp/rawlog/%u
}
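The post compares two views of the same ACL: the right names printed by `doveadm acl get` and the single-letter rights string the server returns in the IMAP MYRIGHTS response. The following script is an added example, not code from the post or from the Dovecot project; it maps Dovecot's right names to their RFC 4314 letters, parses both outputs, and reports which IMAP commands (APPEND, COPY into a target, CREATE under a parent, and so on) a given rights string allows. The mailbox name, the user address and the doveadm output line are constructed samples; the letter-to-command mapping follows RFC 4314 section 4 and Dovecot's documented right names, and the `c`/`d` letters are the RFC 2086 compatibility rights Dovecot also emits.

```python
"""Cross-check Dovecot ACL right names (doveadm acl get) against the
IMAP MYRIGHTS letters the server reports for the same mailbox, and list
which IMAP commands a rights string permits."""

# Dovecot ACL right names and their RFC 4314 single-letter codes.
DOVECOT_RIGHTS = {
    "lookup": "l", "read": "r", "write": "w", "write-seen": "s",
    "write-deleted": "t", "insert": "i", "post": "p", "expunge": "e",
    "create": "k", "delete": "x", "admin": "a",
}
LETTER_TO_NAME = {letter: name for name, letter in DOVECOT_RIGHTS.items()}

# RFC 2086 compatibility letters Dovecot appends to MYRIGHTS output;
# they carry no extra meaning beyond the RFC 4314 letters above.
LEGACY_LETTERS = {"c", "d"}

# Right letter an IMAP command needs on the mailbox it acts on
# (RFC 4314 section 4). Suffixes say which mailbox the check applies to.
REQUIRED = {
    "LIST": "l", "SELECT": "r", "APPEND": "i", "COPY-target": "i",
    "CREATE-parent": "k", "DELETE": "x", "RENAME-source": "x",
    "RENAME-new-parent": "k", "EXPUNGE": "e", "SETACL": "a",
}


def parse_doveadm_acl(output):
    """Parse `doveadm acl get` text into {identifier: set of right names}.

    The first column is the ACL identifier (user=..., group=..., anyone,
    owner, authenticated); the rest of the line are right names.
    """
    acls = {}
    for line in output.splitlines():
        parts = line.split()
        if not parts or parts[0] == "ID":  # skip blank and header lines
            continue
        acls[parts[0]] = set(parts[1:])
    return acls


def parse_myrights(line):
    """Parse an untagged '* MYRIGHTS <mailbox> <rights>' response line.

    Assumes an unquoted mailbox name (no spaces), as in the post.
    """
    _, _, mailbox, letters = line.split(None, 3)
    return mailbox, set(letters.strip())


def letters_to_names(letters):
    """Translate MYRIGHTS letters to Dovecot right names, dropping legacy ones."""
    return {LETTER_TO_NAME[c] for c in letters if c in LETTER_TO_NAME}


def compare(acl_names, letters):
    """Return (names only doveadm reports, names only MYRIGHTS reports)."""
    names_from_myrights = letters_to_names(letters)
    return acl_names - names_from_myrights, names_from_myrights - acl_names


def missing_for(letters, commands):
    """Commands from REQUIRED whose needed right letter is absent."""
    return [cmd for cmd in commands if REQUIRED[cmd] not in letters]


# Constructed samples (not the poster's real addresses or output).
DOVEADM_SAMPLE = """\
ID                     Global Rights
user=alice@example.org admin create delete expunge insert lookup post read write write-deleted write-seen
"""
MYRIGHTS_SAMPLE = "* MYRIGHTS shared/archive@example.org/IT-Sachen/blablub lrwstipekxacd"


if __name__ == "__main__":
    acls = parse_doveadm_acl(DOVEADM_SAMPLE)
    mailbox, letters = parse_myrights(MYRIGHTS_SAMPLE)
    only_doveadm, only_myrights = compare(acls["user=alice@example.org"], letters)
    print(f"{mailbox}: only in doveadm={sorted(only_doveadm)} "
          f"only in MYRIGHTS={sorted(only_myrights)}")
    checks = ["APPEND", "COPY-target", "CREATE-parent", "RENAME-new-parent"]
    print("blocked with full rights:", missing_for(letters, checks))
    print("blocked with read-only 'lrs':", missing_for(set("lrs"), checks))
```

When both views agree and no command is listed as blocked, the ACL itself grants the right; a NOPERM answer in that situation points the investigation at something other than the per-mailbox rights (for example the namespace the target name resolves to, or the parent mailbox the CREATE or RENAME is checked against rather than the selected one).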