On 10.6.2010, at 1.16, Tom Lieuallen wrote:

> I'm having real difficulty with the acl_shared_dict configuration.  I'd 
> prefer to just use a flat file, as I don't anticipate using shared folders 
> very frequently.  I don't need a database and would greatly prefer not to 
> have a dependency on our database service.  So, with this setting:
> 
> acl_shared_dict = file:/private/dovecot/var/etc/shared-mailboxes
> 
> The '../var/etc' directory is something like 755.  I have to create the file 
> first and make it 666.

That should work.

> When it is updated, ownership & permissions are changed such that the user 
> giving acl permissions then owns the file and it's 600.

That shouldn't happen. It should preserve the original file permissions. If the 
file doesn't exist, it should get the parent directory's permissions and use them. 
Wonder if the problem is the parent dir's permissions?

It's of course also possible that there is a bug. It would speed things up a 
bit if you could try this with latest v2.0 nightly snapshot if it's still 
broken: http://dovecot.org/nightly/dovecot-latest.tar.gz

> I tried setting it back to 644 afterward, so other users could read it, but 
> they tried setting a lock in that dir as well.

Yes, lock files are created every time the file is updated (it's recreated 
every time).

> I tried this:
> 
> acl_shared_dict = file:/private/dovecot/var/etc/shared-list/shared-mailboxes-%u

That just won't work (or at least do anything useful). Each user would have his 
own file, and no one else would see it.

> My second choice was to use sqlite for this acl_shared_dict, but, even though 
> I compiled dovecot with sqlite support and 'ldd' shows that '../libexec/dict' 
> is linked against sqlite libraries, when I tried this config:
> 
> acl_shared_dict = sqlite:/private/dovecot/etc/acl-shared-dict.conf
> 
> I get this, and dovecot fails to start up.
> 
> EUnknown dict module: sqlite

Right. This is because typically all except the file backend go through the dict 
process, and you need to use the proxy backend to do that. See for example the quota 
dict configuration.

> Furthermore, in this vein, I don't really know what the shared namespace 
> should even look like.  I've been trying the imap commands LIST and MYRIGHTS 
> to verify access, but there are simply no examples.  I'd rather expect this 
> to work:
> 
> x myrights shared/fromuser/folder
> 
> but all I get is mailbox doesn't exist.  I know 'shared' is the namespace, 
> but I just don't know how it should really be referred to.

That should work.. The important thing (in your setup that uses %h) is that 
"fromuser"'s userdb lookup returns the expected home directory for the user. So 
the username should be the same as what the user logs in with.

> Personally, I can live without the acl_shared_dict (from what I understand).  
> I don't need to see the shared path for subscription, I'd just manually add 
> the folder path to the .subscriptions file for the handful of users that need 
> it.  I just don't think it's working, though.

That should work, yes.

> On a related note, I thought I'd increase debugging to see if that helped out 
> any.  When I change 'mail_debug' to 'yes', as soon as I issue the imap login 
> command, it logs some stuff, then kicks me out.
> 
> Jun 09 15:57:53 IMAP(tom2): Info: acl: initializing backend with data: vfile
> Jun 09 15:57:53 IMAP(tom2): Info: acl: acl username = tom2
> Jun 09 15:57:53 IMAP(tom2): Info: acl: owner = 1
> Jun 09 15:57:53 dovecot: Error: child 6000 (imap) killed with signal 11 (core dumps disabled)

Signal 11 means a crash. It's always a bug. A gdb backtrace would be helpful in 
fixing it. See http://dovecot.org/bugreport.html

> I have been frustrated by the shared namespace documentation.  I've been 
> through it again and again, but haven't found the answers I've been looking 
> for.

I guess it's not ideal yet, but I don't yet have any ideas how to improve it. 
Maybe once you get it working, you could suggest something?

> namespace shared {
>   location = mbox:%%h/mail/shared:INDEX=%%h/mail/shared/.imap

Don't set the :INDEX directory that way. It probably won't break anything, but 
it's confusing. Root level mailbox indexes share the indexes with the 
originating user, but non-root level mailboxes are added under shared/.imap/ 
directory rather than shared/sub/.imap/ directory.

Although .. the whole idea of using mail/shared here doesn't really seem right. 
You want users to be able to share only mailboxes under shared/ and show them 
as shared/user/.. without the additional shared? I don't think I've tried that 
kind of a setup before. Maybe it should work .. maybe it does work and isn't 
the problem. But try removing that first and see if it's actually the cause of 
your problem.

Also I'm not sure if I ever tried using mbox for shared mailboxes, but I think 
it should work..
