Chris, I do indeed have an acl_shared_dict set up. That may be the ticket. That makes it so that the IMAP server knows that you have ACLs on the other mailbox, so it can know to then look in that mailbox to find out precisely what the ACLs are.

Cheers,
Andy

May 28 2015 12:49 AM, "Chris Ross" <[email protected]> wrote:
> On May 27, 2015, at 22:57 , Chris Ross <[email protected]> wrote:
>
>> On May 25, 2015, at 15:55 , [email protected] wrote:
>>> When I set them up that way, I shared the target inbox (we'll call it [email protected]) to be accessible by user [email protected]. When I go into my email client, I'll see something like:
>>> shared/[email protected]/INBOX as a folder.
>>
>> When you say "set them up that way", do you mean following the example config at SharedMailboxes/Shared ? In that example, a mail_location is set at the outer level, which I think I don't want to do, and overridden in the shared namespace. I'm assuming I don't want either of those, or at least that's what I'm going to try first.
>>
>> A question I have given your example above, is, did you set mail_shared_explicit_inbox ? It's only briefly described what that affects, so I'm not sure which setting (on or off) will cause the shared/[email protected]/INBOX you describe seeing. I assume on, so I've turned it on.
>>
>>> The boxes don't have to be shared publicly if you use the "private" namespace.
>>
>> By "use the "private" namespace", do you mean specifying a separate namespace block in the config, like the one declared in the example at http://wiki2.dovecot.org/SharedMailboxes/Shared ? If so, that's what I've done. If there is a way to have a single namespace declared that's both private and shared, I don't see that, so I have two as presented on that wiki page.
>
> Okay. Lots of trial and error and error, and I at least have some configuration that I think includes pieces about shared mailboxes and ACLs, and it's actually up and running. But, I'm not seeing the shared folder.
>
> I was getting a lot of errors about separators (namespace configuration error: All list=yes namespaces must use the same separator) and prefixes (namespace configuration error: list=yes requires prefix=/ not to start with separator), but have it working now. The namespace private block from the example at http://wiki2.dovecot.org/SharedMailboxes/Public caused many of those problems, and I didn't have a separator configured at all (ie, was still commented out) in my main namespace, so that apparently conflicted with the "separator = /" in the shared namespace. But, all that resolved.
>
> The config file I've added into conf.d/15-shared.conf is:
>
> namespace {
>   type = shared
>   separator = /
>   prefix = shared/%%u/
>   location = maildir:/home/%%n/Maildir:INDEX=~/Maildir/shared/%%u:INDEXPVT=~/Maildir/shared/%%u
>   subscriptions = no
>   list = children
> }
> mail_shared_explicit_inbox = yes
> protocol imap {
>   mail_plugins = $mail_plugins acl imap_acl
> }
> plugin {
>   acl = vfile
> }
>
> This comes from the aforementioned wiki page. I ran the doveadm acl command you suggested (though my usernames have no domain part, like your example did have domain parts)
>
> Now, while dovecot is back to working, I don't see a shared folder anywhere. "doveadm mailbox list" lists the mailboxes for users, including the INBOX I've tried to configure an ACL to let me share.
>
> Clearly I'm missing a piece. Andy, or anyone else, if you see what I've missed, please let me know. I'm not seeing anything back from the server with my mail client under "Subscription List", so I can't choose to subscribe. Maybe I've turned off subscriptions somehow, and it's not auto-subscribing me? Or, maybe having "list=children", and I haven't set up the ACL correctly?
>
> I ran:
>
> sudo doveadm acl add -u childuser INBOX user=cross lookup read write write-seen write-deleted insert post expunge create delete admin
>
> After removing the domains from your example, that's about what you had. I can see the INBOX for childuser with "doveadm mailbox list -u childuser".
>
> Ahh. I think I may be on to something. I tried the "doveadm acl add" again, which seems to succeed, but "doveadm acl debug" then doesn't mention anything about me, or my access to childuser's INBOX. Running the "acl add" with "doveadm -D" shows:
>
> doveadm(childuser): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled
>
> and later:
>
> doveadm(childuser): Debug: acl vfile: Global ACLs disabled
>
> The first of those looks like it might be a problem. Do you have an "acl_shared_dict" set up in your config anywhere, Andy?
>
> Thanks. Any help appreciated.
>
> - Chris
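
Added example (not part of either poster's message and not Dovecot's own code): a small Python check that reads a Dovecot config fragment and reports the condition behind the "No acl_shared_dict setting" debug line quoted above, run against the posted 15-shared.conf and a copy with the dictionary added. The parser handles only simple `key = value` and `section {` lines, and the dictionary file path is an assumed location.

```python
# conf.d/15-shared.conf as posted in the thread above.
POSTED_CONF = """
namespace {
  type = shared
  separator = /
  prefix = shared/%%u/
  location = maildir:/home/%%n/Maildir:INDEX=~/Maildir/shared/%%u:INDEXPVT=~/Maildir/shared/%%u
  subscriptions = no
  list = children
}
mail_shared_explicit_inbox = yes
protocol imap {
  mail_plugins = $mail_plugins acl imap_acl
}
plugin {
  acl = vfile
}
"""

FIXED_CONF = POSTED_CONF + """
plugin {
  acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes  # assumed path
}
"""

def parse_settings(text):
    """Return (section, key, value) for every 'key = value' line."""
    stack, settings = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.endswith("{"):
            stack.append(line[:-1].split()[0])  # "protocol imap {" -> "protocol"
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings.append(("/".join(stack), key, value))
    return settings

def check_shared_acl(text):
    """List reasons users would not see mailboxes shared to them."""
    s = parse_settings(text)
    shared = ("namespace", "type", "shared") in s
    problems = []
    if shared and not any(k == "mail_plugins" and "acl" in v.split() for _, k, v in s):
        problems.append("acl plugin not loaded in mail_plugins")
    if shared and not any(p == "plugin" and k == "acl_shared_dict" and v for p, k, v in s):
        problems.append("no acl_shared_dict: shared mailbox listing is disabled")
    return problems
```

`check_shared_acl(POSTED_CONF)` returns the single acl_shared_dict finding, and `check_shared_acl(FIXED_CONF)` returns an empty list.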
