How to create and manage public folder
iRedMail ships settings for public folders in /etc/dovecot/dovecot.conf. What you need to do is:
- enable the setting for public folder
- choose a preferred directory as public folder
- create ACL file to control the access
In this tutorial, we will show you how to share a public folder named TestFolder.
Enable public folder in Dovecot
Find sample settings like below in Dovecot config file /etc/dovecot/dovecot.conf:
# Public mailboxes.
# Refer to Dovecot wiki page for more details:
# http://wiki2.dovecot.org/SharedMailboxes/Public
#namespace {
# type = public
# separator = /
# prefix = Public/
#
# # CONTROL=: Mark this public folder as read-only mailbox
# # INDEX=: Per-user \Seen flag
# location = maildir:/var/vmail/public/:CONTROL=~/Maildir/public:INDEX=~/Maildir/public
#
# # Allow users to subscribe to the public folders.
# subscriptions = yes
#}
Remove comment marks (#) for above namespace {} block, like below:
# Public mailboxes.
# Refer to Dovecot wiki page for more details:
# http://wiki2.dovecot.org/SharedMailboxes/Public
namespace {
    type = public
    separator = /
    prefix = Public/

    # CONTROL=: Mark this public folder as read-only mailbox
    # INDEX=: Per-user \Seen flag
    location = maildir:/var/vmail/public/:CONTROL=~/Maildir/public:INDEX=~/Maildir/public

    # Allow users to subscribe to the public folders.
    subscriptions = yes
}
If you want to share the public folder to all users hosted on same server, please also remove the comment mark in below line in dovecot.conf:
acl_anyone = allow
Restarting the Dovecot service is required after changing its config file.
Important notes:
- With above setting, it uses /var/vmail/public as public folder. You're free to change it to a preferred directory. We use /var/vmail/public/ in this tutorial for example.
- Please make sure the public folder is owned by user/group vmail:vmail with permission 0700.
Now let's create required folder and our first shared folder TestFolder.
Attention: there's a dot in folder name while creating it, it's .TestFolder, not TestFolder. All folders with a prefixed dot will be considered as an IMAP folder by Dovecot with iRedMail default settings.
mkdir -p /var/vmail/public/.TestFolder
chown -R vmail:vmail /var/vmail/public
chmod -R 0700 /var/vmail/public
Note that there are no cur/, new/ or tmp/ directories directly under /var/vmail/public/, because the Public/ namespace isn't a mailbox itself. (If you create them manually, it does become a selectable mailbox.)
With steps above, if you log in to webmail (or other IMAP client) as any mail user hosted on same server, there's no visible public folder at all -- this is correct, because no one has permission to access this folder.
Manage Access Control with doveadm
Before we set any permission, let's check the access control of this public folder:
doveadm acl get -A "Public/TestFolder"
You can see output like below, no access control at all:
Username ID Global Rights
- With shell command below, we grant lookup, read, write, insert, delete and create (sub-directory) permissions to user postmaster@test.com (again, this user is hosted on same server):
doveadm acl set -A "Public/TestFolder" "user=postmaster@test.com" lookup read write insert delete create
Check the ACL with doveadm now:
# doveadm acl get -A "Public/TestFolder"
Username ID Global Rights
postmaster@a.cn user=postmaster@test.com create delete insert lookup read write
If you now log in to webmail (or other IMAP client) as user postmaster@test.com, you can see a new folder TestFolder.
- With shell command below, we grant all users hosted on same server lookup and read permissions:
doveadm acl set -A "Public/TestFolder" "anyone" lookup read
Check the ACL with doveadm now:
# doveadm acl get -A "Public/TestFolder"
Username ID Global Rights
postmaster@a.cn anyone lookup read
postmaster@a.cn user=postmaster@test.com create delete insert lookup read write
If you log in to webmail (or other IMAP client) as any user hosted on same server, you can see a new folder TestFolder.
- With shell command below, we delete access control for user postmaster@test.com:
doveadm acl delete -A "Public/TestFolder" "user=postmaster@test.com"
For more details about doveadm acl control, please read its manual page.
Manage Access Control manually
Notes:
- If you're running Dovecot-2, it's recommended to manage ACL with the doveadm command.
- Dovecot will create file /var/vmail/public/dovecot-acl-list automatically; it lists all mailboxes that have l rights assigned. If you manually add/edit dovecot-acl files, you may need to delete the dovecot-acl-list to get the mailboxes visible.
Access permission is controlled in file dovecot-acl under each shared folder. Let's create it before showing you some examples:
touch /var/vmail/public/.TestFolder/dovecot-acl
chown vmail:vmail /var/vmail/public/.TestFolder/dovecot-acl
chmod 0700 /var/vmail/public/.TestFolder/dovecot-acl
- With shell command below, we grant lookup (l), read (r), write (w), insert (i), delete (x) and create sub-directory (k) permissions to user postmaster@test.com (again, this user is hosted on same server):
echo 'user=postmaster@test.com lrwixk' >> /var/vmail/public/.TestFolder/dovecot-acl
- With shell command below, we grant all users lookup (l) and read (r) permissions:
Note: it requires setting acl_anyone = allow in Dovecot config file.
echo 'anyone lr' >> /var/vmail/public/.TestFolder/dovecot-acl
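Once dovecot-acl files are edited by hand, it is worth auditing them together with the 0700 requirement from the notes above. The script below is an added example, not part of iRedMail or Dovecot: it flags "anyone" (and Dovecot's "authenticated" identifier, which this page does not use) entries that carry rights beyond l and r, and lists paths with any group/other permission bit set. The temporary tree and the .Open folder are constructed sample data standing in for /var/vmail/public, and only the letter form of rights shown on this page is assumed.

```shell
#!/bin/sh
# Added example (not iRedMail code): audit a public-folder tree.

# Print a WARN line for every "anyone"/"authenticated" entry in a
# dovecot-acl file that grants rights other than lookup (l) and read (r).
audit_public_acls() {
    find "$1" -type f -name dovecot-acl | sort | while IFS= read -r acl; do
        folder=$(basename "$(dirname "$acl")")
        while read -r ident rights rest || [ -n "$ident" ]; do
            case $ident in
                anyone|authenticated)
                    extra=$(printf '%s' "$rights" | tr -d 'lr')
                    [ -z "$extra" ] ||
                        printf 'WARN %s %s extra=%s\n' "$folder" "$ident" "$extra"
                    ;;
            esac
        done < "$acl"
    done
}

# List paths under the public root that have any group/other permission
# bit set, i.e. that are looser than the 0700 the tutorial asks for.
loose_modes() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# Constructed sample tree standing in for /var/vmail/public.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/.TestFolder" "$d/.Open"
    printf '%s\n' 'user=postmaster@test.com lrwixk' 'anyone lr' \
        > "$d/.TestFolder/dovecot-acl"
    printf '%s\n' 'anyone lrwi' > "$d/.Open/dovecot-acl"  # hypothetical folder
    chmod -R 0700 "$d"
    chmod 0755 "$d/.Open"                                 # deliberately loose
    printf '%s\n' "$d"
}

root=$(make_sample)
audit_public_acls "$root"
loose_modes "$root"
rm -rf "$root"
```

On a real server, call both functions with /var/vmail/public (or your chosen directory) instead of the sample tree.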