<!DOCTYPE html>
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > How to create and manage public folder< / title >
< link rel = "stylesheet" type = "text/css" href = "./css/markdown.css" / >
< / head >
< body >
< div id = "navigation" >
< a href = "/index.html" target = "_blank" >
< img alt = "iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
< span > iRedMail< / span >
< / a >
// < a href = "./index.html" > Document Index< / a > < / div > < h1 id = "how-to-create-and-manage-public-folder" > How to create and manage public folder< / h1 >
< div class = "toc" >
< ul >
< li > < a href = "#how-to-create-and-manage-public-folder" > How to create and manage public folder< / a > < ul >
< li > < a href = "#enable-public-folder-in-dovecot" > Enable public folder in Dovecot< / a > < / li >
< li > < a href = "#manage-access-control-with-doveadm" > Manage Access Control with doveadm< / a > < / li >
< li > < a href = "#manage-access-control-manually" > Manage Access Control manually< / a > < / li >
< li > < a href = "#troubleshooting" > Troubleshooting< / a > < / li >
< li > < a href = "#use-someones-mailbox-as-public-folder" > Use someone's mailbox as public folder< / a > < / li >
< li > < a href = "#references" > References< / a > < / li >
< li > < a href = "#see-also" > See Also< / a > < / li >
< / ul >
< / li >
< / ul >
< / div >
< p > iRedMail ships a sample public folder setting in < code > /etc/dovecot/dovecot.conf< / code > .
What you need to do is:< / p >
< ul >
< li > enable the setting for public folder< / li >
< li > choose a preferred directory as public folder< / li >
< li > set proper ACL rules to control the access< / li >
< / ul >
< p > In this tutorial, we will show you how to share a public folder named < code > TestFolder< / code > .< / p >
< h2 id = "enable-public-folder-in-dovecot" > Enable public folder in Dovecot< / h2 >
< p > Find sample settings like below in Dovecot config file < code > /etc/dovecot/dovecot.conf< / code > :< / p >
< pre > < code > # Public mailboxes.
# Refer to Dovecot wiki page for more details:
# http://wiki2.dovecot.org/SharedMailboxes/Public
#namespace {
# type = public
# separator = /
# prefix = Public/
#
# # CONTROL=: Mark this public folder as read-only mailbox
# # INDEX=: Per-user \Seen flag
# location = maildir:/var/vmail/public/:CONTROL=~/Maildir/public:INDEX=~/Maildir/public
#
# # Allow users to subscribe to the public folders.
# subscriptions = yes
#}
< / code > < / pre >
< p > Remove comment marks (< code > #< / code > ) for above < code > namespace {}< / code > block, like below:< / p >
< pre > < code > # Public mailboxes.
# Refer to Dovecot wiki page for more details:
# http://wiki2.dovecot.org/SharedMailboxes/Public
namespace {
type = public
separator = /
prefix = Public/
# CONTROL=: Mark this public folder as read-only mailbox
# INDEX=: Per-user \Seen flag
location = maildir:/var/vmail/public/:CONTROL=~/Maildir/public:INDEX=~/Maildir/public
# Allow users to subscribe to the public folders.
subscriptions = yes
}
< / code > < / pre >
< p > If you want to share the public folder with all users hosted on the same server,
also remove the comment mark from the line below in < code > dovecot.conf< / code > :< / p >
< pre > < code > acl_anyone = allow
< / code > < / pre >
< p > Restart the Dovecot service after changing its config file.< / p >
< p > Important notes:< / p >
< ul >
< li > With the above setting, Dovecot uses < code > /var/vmail/public< / code > as the public folder. You're free
to change it to a preferred directory. We use < code > /var/vmail/public/< / code > in this
tutorial as an example.< / li >
< li > Please make sure the public folder is owned by user/group < code > vmail:vmail< / code >
with permission < code > 0700< / code > .< / li >
< / ul >
< p > Now let's create the required folder and our first shared folder < code > TestFolder< / code > .< / p >
< pre > < code > mkdir -p /var/vmail/public/.TestFolder
chown -R vmail:vmail /var/vmail/public/.TestFolder
chmod -R 0700 /var/vmail/public/.TestFolder
< / code > < / pre >
< div class = "admonition note" >
< p class = "admonition-title" > Notes< / p >
< ul >
< li >
< p > The folder name starts with a dot when you create it: it's < code > .TestFolder< / code > , not
< code > TestFolder< / code > . With iRedMail default settings, Dovecot treats every folder
with a leading dot as an IMAP folder.< / p >
< / li >
< li >
< p > There are no < code > cur/< / code > , < code > new/< / code > or < code > tmp/< / code > directories directly under the
< code > /var/vmail/public/< / code > folder, because the < code > Public/< / code > namespace isn't a
mailbox itself. If you create them manually, it does become a selectable
mailbox.< / p >
< / li >
< / ul >
< / div >
< p > After the steps above, if you log in to webmail (or another IMAP client) as any mail
user hosted on the same server, no public folder is visible at all -- this is
correct, because no one has permission to access this folder yet.< / p >
< h2 id = "manage-access-control-with-doveadm" > Manage Access Control with < code > doveadm< / code > < / h2 >
< p > Before we set any permission, let's check the access control of this public
folder first with command < code > doveadm acl get< / code > :< / p >
< pre > < code > doveadm acl get -A "Public/TestFolder"
< / code > < / pre >
< p > You can see output like below, no access control at all:< / p >
< pre > < code > Username ID Global Rights
< / code > < / pre >
< p > Below is the list of all available permissions. Please check the < a href = "http://wiki2.dovecot.org/ACL" > Dovecot web
site< / a > for more details or updates.< / p >
< div class = "admonition note" >
< p class = "admonition-title" > Permissions< / p >
< table >
< thead >
< tr >
< th > Permission name (short)< / th >
< th > Permission name (full)< / th >
< th > Comment< / th >
< / tr >
< / thead >
< tbody >
< tr >
< td > l< / td >
< td > lookup< / td >
< td > Mailbox is visible in mailbox list. Mailbox can be subscribed to.< / td >
< / tr >
< tr >
< td > r< / td >
< td > read< / td >
< td > Mailbox can be opened for reading.< / td >
< / tr >
< tr >
< td > w< / td >
< td > write< / td >
< td > Message flags and keywords can be changed, except < code > \Seen< / code > and < code > \Deleted< / code > < / td >
< / tr >
< tr >
< td > s< / td >
< td > write-seen< / td >
< td > < code > \Seen< / code > flag can be changed< / td >
< / tr >
< tr >
< td > t< / td >
< td > write-deleted< / td >
< td > < code > \Deleted< / code > flag can be changed< / td >
< / tr >
< tr >
< td > i< / td >
< td > insert< / td >
< td > Messages can be written or copied to the mailbox< / td >
< / tr >
< tr >
< td > p< / td >
< td > post< / td >
< td > Messages can be posted to the mailbox by LDA, e.g. from Sieve scripts< / td >
< / tr >
< tr >
< td > e< / td >
< td > expunge< / td >
< td > Messages can be expunged< / td >
< / tr >
< tr >
< td > k< / td >
< td > create< / td >
< td > Mailboxes can be created (or renamed) directly under this mailbox< / td >
< / tr >
< tr >
< td > x< / td >
< td > delete< / td >
< td > Mailbox can be deleted< / td >
< / tr >
< tr >
< td > a< / td >
< td > admin< / td >
< td > Administration rights to the mailbox (currently: ability to change ACLs for mailbox)< / td >
< / tr >
< / tbody >
< / table >
< / div >
< p > With the shell command below, we grant some permissions to user
< code > postmaster@test.com< / code > (again, this user is hosted on the same server):< / p >
< pre > < code > doveadm acl set -A "Public/TestFolder" "user=postmaster@test.com" lookup read write write-seen write-deleted insert delete expunge create
< / code > < / pre >
< p > Check the ACL with < code > doveadm< / code > again:< / p >
< pre > < code > # doveadm acl get -A "Public/TestFolder"
Username ID Global Rights
postmaster@a.cn user=postmaster@test.com create delete expunge insert lookup read write
< / code > < / pre >
< p > If you now log in to webmail (or another IMAP client) as user < code > postmaster@test.com< / code > ,
you can see a new folder < code > TestFolder< / code > .< / p >
< p > With the shell command below, we grant all users hosted on the same server < code > lookup< / code >
and < code > read< / code > permissions:< / p >
< pre > < code > doveadm acl set -A "Public/TestFolder" "anyone" lookup read
< / code > < / pre >
< p > Check the ACL with < code > doveadm< / code > now:< / p >
< pre > < code > # doveadm acl get -A "Public/TestFolder"
Username ID Global Rights
postmaster@a.cn anyone lookup read
postmaster@a.cn user=postmaster@test.com create delete expunge insert lookup read write
< / code > < / pre >
< p > If you log in to webmail (or another IMAP client) as any user hosted on the same
server, you can see a new folder < code > TestFolder< / code > .< / p >
< p > With the shell command below, we delete access control for user < code > postmaster@test.com< / code > :< / p >
< pre > < code > doveadm acl delete -A "Public/TestFolder" "user=postmaster@test.com"
< / code > < / pre >
< p > For more details about ACL control, please read the Dovecot tutorials mentioned in
< a href = "#references" > References< / a > below.< / p >
< h2 id = "manage-access-control-manually" > Manage Access Control manually< / h2 >
< div class = "admonition note" >
< p class = "admonition-title" > Note< / p >
< ul >
< li > If you're running Dovecot-2, it's recommended to manage ACL with the < code > doveadm< / code >
command.< / li >
< li > Dovecot will create the file < code > /var/vmail/public/dovecot-acl-list< / code > automatically;
it lists all mailboxes that have < code > l< / code > rights assigned. If you manually
add/edit < code > dovecot-acl< / code > files, you may need to delete the < code > dovecot-acl-list< / code >
to get the mailboxes visible.< / li >
< / ul >
< / div >
< p > Access permission is controlled by the file < code > dovecot-acl< / code > under each shared folder.
Let's create it before showing you some examples:< / p >
< pre > < code > touch /var/vmail/public/.TestFolder/dovecot-acl
chown vmail:vmail /var/vmail/public/.TestFolder/dovecot-acl
chmod 0700 /var/vmail/public/.TestFolder/dovecot-acl
< / code > < / pre >
< p > With the shell command below, we grant < code > lookup< / code > (l), < code > read< / code > (r), < code > write< / code > (w),
< code > insert< / code > (i), < code > delete< / code > (x), < code > expunge< / code > (e) and < code > create sub-directory< / code > (k) permissions to user
< code > postmaster@test.com< / code > (again, this user is hosted on the same server):< / p >
< pre > < code > echo 'user=postmaster@test.com lrwixke' >> /var/vmail/public/.TestFolder/dovecot-acl
< / code > < / pre >
< p > With shell command below, we grant all users < code > lookup< / code > (l) and < code > read< / code > (r)
permissions:< / p >
< div class = "admonition note" >
< p class = "admonition-title" > Reminder< / p >
< p > It requires Dovecot setting < code > acl_anyone = allow< / code > in < code > dovecot.conf< / code > .< / p >
< / div >
< pre > < code > echo 'anyone lr' >> /var/vmail/public/.TestFolder/dovecot-acl
< / code > < / pre >
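< p > The following Python script is an added example, not part of the iRedMail documentation: it parses < code > dovecot-acl< / code > entries in the letter format shown above, expands the letters using the Permissions table, and reports grants worth a second look. The < code > authenticated< / code > identifier, the read-only policy for broad identifiers and the sample entries are assumptions made for this example.< / p >

```python
"""Audit Dovecot dovecot-acl entries: expand rights letters, flag broad grants."""

# Short-to-full right names, copied from the Permissions table on this page.
RIGHTS = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}
# Identifiers matching every user; "authenticated" is not used on this page.
BROAD_IDS = {"anyone", "authenticated"}
# Assumed policy for this audit: everyone may at most list and read.
READ_ONLY = {"lookup", "read"}


def parse_acl(text):
    """Return (identifier, set of full right names, unknown letters) per line."""
    entries = []
    for line in text.splitlines():
        fields = line.split(None, 1)
        if not fields:
            continue  # blank line
        ident = fields[0]
        # Only the letter form shown on this page is handled; text after ':' is ignored.
        letters = fields[1].split(":")[0].strip() if len(fields) > 1 else ""
        known = {RIGHTS[c] for c in letters if c in RIGHTS}
        unknown = sorted({c for c in letters if c not in RIGHTS})
        entries.append((ident, known, unknown))
    return entries


def audit(text):
    """Return human-readable findings for the contents of one dovecot-acl file."""
    findings = []
    for ident, rights, unknown in parse_acl(text):
        if unknown:
            findings.append(f"{ident}: unknown rights letters {''.join(unknown)}")
        if ident in BROAD_IDS and rights - READ_ONLY:
            extra = ", ".join(sorted(rights - READ_ONLY))
            findings.append(f"{ident}: every user gets {extra}")
        if "admin" in rights:
            findings.append(f"{ident}: can change ACLs (admin)")
    return findings


# Constructed sample: the two entries from this page plus one over-broad grant.
SAMPLE = "user=postmaster@test.com lrwixke\nanyone lr\nanyone lrwi\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```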
< h2 id = "troubleshooting" > Troubleshooting< / h2 >
< ul >
< li >
< p > If the public folder doesn't work as expected, please < a href = "./debug.dovecot.html" > turn on debug mode in
Dovecot< / a > to get debug messages. If you don't understand
the debug messages, you can post them to our < a href = "../forum/" > online support forum< / a >
to get help.< / p >
< / li >
< li >
< p > It's also a good idea to run < code > doveadm< / code > command with < code > -D< / code > flag to turn on
verbose logging, like below:< / p >
< / li >
< / ul >
< pre > < code > doveadm -D acl ...
< / code > < / pre >
< h2 id = "use-someones-mailbox-as-public-folder" > Use someone's mailbox as public folder< / h2 >
< p > If you want to use someone's mailbox as a public folder, here's the simplest way to
achieve it.< / p >
< p > Let's say you want to share user < code > public@domain.com< / code > 's mailbox as public folder
< code > PublicMailbox< / code > , and its maildir path is
< code > /var/vmail/vmail1/domain.com/p/u/b/public-20160714100502/Maildir/< / code > . What you
need to do:< / p >
< ul >
< li > create a symbolic link to this maildir path like below< / li >
< li > set proper ACL with < code > doveadm acl< / code > (check steps above)< / li >
< / ul >
< div class = "admonition warning" >
< p class = "admonition-title" > Warning< / p >
< p > There's a dot prepended in public mailbox name, it's < code > public/.PublicMailbox< / code > ,
not < code > public/PublicMailbox< / code > .< / p >
< / div >
< pre > < code > ln -s /var/vmail/vmail1/domain.com/p/u/b/public-20160714100502/Maildir /var/vmail/public/.PublicMailbox
< / code > < / pre >
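< p > An added example (not iRedMail's own code) that audits the on-disk layout described on this page: dot-prefixed folders under the public root, their owner and < code > 0700< / code > mode, symlinked mailboxes, and the presence of a < code > dovecot-acl< / code > file. The function names, the constructed temporary tree and the use of the current uid in place of < code > vmail< / code > are assumptions.< / p >

```python
"""Audit the on-disk layout of a Dovecot public namespace root."""
import os
import stat
import tempfile


def audit_public_root(root, owner_uid):
    """Return findings for each dot-prefixed (IMAP folder) entry under root."""
    findings = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if not name.startswith("."):
            continue  # only dot-prefixed directories are IMAP folders here
        if os.path.islink(path):
            # A symlink publishes another maildir, e.g. a user's own mailbox.
            findings.append(f"{name}: symlink to {os.path.realpath(path)}")
        if not os.path.isdir(path):
            continue  # plain file or dangling link: not a mailbox
        st = os.stat(path)  # follows symlinks, so the real maildir is checked
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != owner_uid:
            findings.append(f"{name}: owned by uid {st.st_uid}, expected {owner_uid}")
        if mode & 0o077:
            findings.append(f"{name}: mode {mode:04o} is open to group/other")
        if not os.path.isfile(os.path.join(path, "dovecot-acl")):
            findings.append(f"{name}: no dovecot-acl file, nobody has access yet")
    return findings


def demo():
    """Build a constructed tree in a temp dir and audit it as the current user."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "public")
        good = os.path.join(root, ".TestFolder")
        os.makedirs(good)
        os.chmod(good, 0o700)
        open(os.path.join(good, "dovecot-acl"), "w").close()
        loose = os.path.join(root, ".Loose")
        os.makedirs(loose)
        os.chmod(loose, 0o755)  # deliberately too open
        user_maildir = os.path.join(tmp, "Maildir")  # stands in for a user's maildir
        os.makedirs(user_maildir)
        os.chmod(user_maildir, 0o700)
        os.symlink(user_maildir, os.path.join(root, ".PublicMailbox"))
        return audit_public_root(root, os.getuid())


if __name__ == "__main__":
    print("\n".join(demo()))
```

< p > On a real server, pass the public root (< code > /var/vmail/public< / code > in this tutorial) and the numeric uid of the < code > vmail< / code > user.< / p >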
< h2 id = "references" > References< / h2 >
< ul >
< li >
< p > Dovecot official documents:< / p >
< ul >
< li > < a href = "http://wiki2.dovecot.org/SharedMailboxes/Public" > Public Mailboxes< / a > < / li >
< li > < a href = "http://wiki2.dovecot.org/ACL" > Access Control Lists< / a > < / li >
< li > < a href = "http://wiki2.dovecot.org/Tools/Doveadm/ACL" > Manage Access Control List with doveadm< / a > < / li >
< / ul >
< / li >
< / ul >
< h2 id = "see-also" > See Also< / h2 >
< ul >
< li > < a href = "./mailbox.sharing.html" > Mailbox sharing< / a > < / li >
< / ul > < div class = "footer" >
< p style = "text-align: center; color: grey;" > All documents are available in < a href = "https://bitbucket.org/zhb/iredmail-docs/src" > BitBucket repository< / a > , and published under < a href = "http://creativecommons.org/licenses/by-nd/3.0/us/" target = "_blank" > Creative Commons< / a > license. You can < a href = "https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2" > download the latest version< / a > for offline reading. If you found something wrong, please do < a href = "http://www.iredmail.org/contact.html" > contact us< / a > to fix it.< / p >
< / div >
< / body > < / html >