elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iredmail-doc/en_US/howto/public.folder.md

223 lines
7.0 KiB
Markdown
Raw Blame History

# How to create and manage public folder
[TOC]
iRedMail has setting for public folder in `/etc/dovecot/dovecot.conf`,
what you need to do is:
* enable the setting for public folder
* choose a preferred directory as public folder
* set proper ACL rules to control the access
In this tutorial, we will show you how to share a public folder named `TestFolder`.
## Enable public folder in Dovecot
Find sample settings like below in Dovecot config file `/etc/dovecot/dovecot.conf`:
```
# Public mailboxes.
# Refer to Dovecot wiki page for more details:
# http://wiki2.dovecot.org/SharedMailboxes/Public
#namespace {
# type = public
# separator = /
# prefix = Public/
#
# # CONTROL=: Mark this public folder as read-only mailbox
# # INDEX=: Per-user \Seen flag
# location = maildir:/var/vmail/public/:CONTROL=~/Maildir/public:INDEX=~/Maildir/public
#
# # Allow users to subscribe to the public folders.
# subscriptions = yes
#}
```
Remove comment marks (`#`) for above `namespace {}` block, like below:
```
# Public mailboxes.
# Refer to Dovecot wiki page for more details:
# http://wiki2.dovecot.org/SharedMailboxes/Public
namespace {
type = public
separator = /
prefix = Public/
# CONTROL=: Mark this public folder as read-only mailbox
# INDEX=: Per-user \Seen flag
location = maildir:/var/vmail/public/:CONTROL=~/Maildir/public:INDEX=~/Maildir/public
# Allow users to subscribe to the public folders.
subscriptions = yes
}
```
If you want to share the public folder to all users hosted on same server,
please also remove the comment mark in below line in `dovecot.conf`:
```
acl_anyone = allow
```
Restarting Dovecot service is required after changed its config file.
Important notes:
* With above setting, it uses `/var/vmail/public` as public folder. You're free
to change it to a preferred directory. We use `/var/vmail/public/` in this
tutorial for example.
* Please make sure the public folder is owned by user/group `vmail:vmail`
with permission `0700`.
Now let's create required folder and our first shared folder `TestFolder`.
```
mkdir -p /var/vmail/public/.TestFolder
chown -R vmail:vmail /var/vmail/public/.TestFolder
chmod -R 0700 /var/vmail/public/.TestFolder
```
!!! note "Notes"
* There's a dot in folder name while creating it, it's `.TestFolder`, not
`TestFolder`. All folders with a prefixed dot will be considered as an
IMAP folder by Dovecot with iRedMail default settings.
* There are no `cur/`, `new/` or `tmp/` directories directly under the
`/var/mail/public/` folder, because the `Public/` namespace isn't a
mailbox itself. If you create them manually, it does become a selectable
mailbox.
With steps above, if you login to webmail (or other IMAP client) as any mail
user hosted on same server, there's no visible public folder at all -- this is
correct, because no one has permission to access this folder right now.
## Manage Access Control with `doveadm`
Before we set any permission, let's check the access control of this public
folder first with command `doveadm acl get`:
```
doveadm acl get -A "Public/TestFolder"
```
You can see output like below, no access control at all:
```
Username ID Global Rights
```
Below is list of all available permissions. Please check [Dovecot web
site](http://wiki2.dovecot.org/ACL) for more details or update.
!!! note "Permissions"
Permission name (short) | Permission name (full) | Comment
---|---|---
l | lookup | Mailbox is visible in mailbox list. Mailbox can be subscribed to.
r | read | Mailbox can be opened for reading.
w | write | Message flags and keywords can be changed, except `\Seen` and `\Deleted`
s | write-seen | `\Seen` flag can be changed
t | write-deleted | `\Deleted` flag can be changed
i | insert | Messages can be written or copied to the mailbox
p | post | Messages can be posted to the mailbox by LDA, e.g. from Sieve scripts
e | expunge | Messages can be expunged
k | create | Mailboxes can be created (or renamed) directly under this mailbox
x | delete | Mailbox can be deleted
a | admin | Administration rights to the mailbox (currently: ability to change ACLs for mailbox)
With shell command below, we grant some permissions to user
`postmaster@test.com` (again, this user is hosted on same server):
```
doveadm acl set -A "Public/TestFolder" "user=postmaster@test.com" lookup read write write-seen write-deleted insert delete expunge create
```
Check the ACl with `doveadm` again:
```
# doveadm acl get -A "Public/TestFolder"
Username ID Global Rights
postmaster@a.cn user=postmaster@test.com create delete expunge insert lookup read write
```
If you now login to webmail (or other IMAP client) as user `postmaster@test.com`,
you can see a new folder `TestFolder`.
With shell command below, we grant all users hosted on same server `lookup`,
and `read` permissions:
```
doveadm acl set -A "Public/TestFolder" "anyone" lookup read
```
Check the ACl with `doveadm` now:
```
# doveadm acl get -A "Public/TestFolder"
Username ID Global Rights
postmaster@a.cn anyone lookup read
postmaster@a.cn user=postmaster@test.com create delete expunge insert lookup read write
```
If you login to webmail (or other IMAP client) as any user hosted on same
server, you can see a new folder `TestFolder`.
With shell command below we delete access control for user `postmaster@test.com`:
```
doveadm acl delete -A "Public/TestFolder" "user=postmaster@test.com"
```
For more details about ACL control, please read Dovecot tutorials mentioned in
[References](#references) below.
## Troubleshooting
* If public folder doesn't work as expected, please [turn on debug mode in
Dovecot](./debug.dovecot.html) to get debug message. If you don't understand
the debug message, you can post them to our [online support forum](https://forum.iredmail.org/)
to get help.
* It's also a good idea to run `doveadm` command with `-D` flag to turn on
verbose logging, like below:
```
doveadm -D acl ...
```
## Use someone's mailbox as public folder
If you want to use someone's mailbox as public folder, here's a simplest way to
achieve it.
Let's say you want to share user `public@domain.com`'s mailbox as public folder
`PublicMailbox`, and its maildir path is
`/var/vmail/vmail1/domain.com/p/u/b/public-20160714100502/Maildir/`. What you
need to do are:
* creating a symbol link to this maildir path like below
* set proper ACL with `doveadm acl` (check steps above)
!!! warning
There's a dot prepended in public mailbox name, it's `public/.PublicMailbox`,
not `public/PublicMailbox`.
```
ln -s /var/vmail/vmail1/domain.com/p/u/b/public-20160714100502/Maildir /var/vmail/public/.PublicMailbox
```
## References
* Dovecot official documents:
* [Public Mailboxes](http://wiki2.dovecot.org/SharedMailboxes/Public)
* [Access Control Lists](http://wiki2.dovecot.org/ACL)
* [Manage Access Control List with doveadm](http://wiki2.dovecot.org/Tools/Doveadm/ACL)
## See Also
* [Mailbox sharing](./mailbox.sharing.html)
Reference in New Issue View Git Blame Copy Permalink