Member "dovecot-1.0.15/doc/wiki/ACL.txt" of archive dovecot-1.0.15.tar.gz:

Access Control Lists
====================


Dovecot supports giving ACLs to mailboxes, although it doesn't yet support the actual IMAP ACL extension. The code allows multiple ACL backends, but currently Dovecot supports only virtual ACL files. See >>SharedMailboxes<< for information on how to set them up.
ACLs can be enabled in dovecot.conf with:

---%<-------------------------------------------------------------------------
protocol imap {
  ..
  mail_plugins = acl
}
...
plugin {
  acl = vfile:/etc/dovecot-acls
}
---%<-------------------------------------------------------------------------

Groups aren't currently supported, but only because groups can't yet be specified in userdb. If you really need groups, you could modify the sources: http://dovecot.org/list/dovecot/2007-May/022535.html
The default ACL for a mailbox gives the owner all permissions and other users none. Mailboxes in public namespaces don't have owners, so by default no-one can access them.


vfile backend
=============


The vfile backend supports per-mailbox ACLs and global ACLs, which apply to every user's mailbox with the same name.
Per-mailbox ACLs are stored in a file named 'dovecot-acl', which lives in:

* maildir: The maildir's root directory (eg. '~/Maildir', '~/Maildir/.folder/')
* mbox: Currently in the same directory as the indexes (eg. '~/mail/.imap/INBOX/'), but this might change
* dbox: dbox's root directory (eg. '~/mail/INBOX/Mails/')
Global ACLs are stored in the directory you gave as the ACL plugin parameter ('/etc/dovecot-acls' in the above example). Each file has the same name as its mailbox. For example, for *INBOX* you'd have the file '/etc/dovecot-acls/INBOX', and for *Folder.subfolder* you'd have '/etc/dovecot-acls/Folder.subfolder'.
If your hierarchy separator is '/' it gets a bit more complicated. If you have mailboxes *foo* and *foo/bar*, the ACL file of *foo/bar* exists in '/etc/dovecot-acls/foo/bar/' as you would expect. But since '/etc/dovecot-acls/foo' is a directory, you can't create a file with that name for the *foo* mailbox's ACLs. So for *foo* you'll have to use the '/etc/dovecot-acls/foo/.DEFAULT' file instead.
WARNING: Namespace prefixes are currently ignored, so if you have multiple namespaces their mailbox names could conflict. This will be fixed later.


ACL files
=========


The files themselves are in the format:

---%<-------------------------------------------------------------------------
<identifier> <ACLs> [:<named ACLs>]
---%<-------------------------------------------------------------------------

Where *identifier* is one of:

* group-override=*group name*
* owner / user=*user name*
* group=*group name*
* owner
* authenticated
* anyone / anonymous
The ACLs are processed in the order given above, so eg. if you have given read access to some group, you can still remove it from a specific user.
The group-override identifier allows you to override users' ACLs. Probably the most useful reason to do this is to temporarily disable access for some users. For example:

---%<-------------------------------------------------------------------------
user=timo rw
group-override=tempdisabled
---%<-------------------------------------------------------------------------

Now if *timo* is in the *tempdisabled* group, he has no access to the mailbox. This wouldn't be possible with a normal group identifier, because the 'user=timo' line would override it.
The currently supported ACLs and their corresponding named ACLs are:

 l  lookup         Mailbox is visible in the mailbox list. Mailbox can be subscribed to.
 r  read           Mailbox can be opened for reading.
 w  write          Message flags and keywords can be changed, except \Seen and \Deleted
 s  write-seen     \Seen flag can be changed
 t  write-deleted  \Deleted flag can be changed
 i  insert         Messages can be written or copied to the mailbox
 e  expunge        Messages can be expunged
 k  create         Mailboxes can be created under this mailbox
 x  delete         Mailbox can be deleted
 a  admin          Administration rights to the mailbox

The ACLs are compatible with RFC 4314 (IMAP ACL extension, updated version).
Dovecot complains about unknown ACL letters, but ignores unknown named ACLs. Named ACLs are mostly intended for future extensions.
Example ACL file:

---%<-------------------------------------------------------------------------
owner lrwstiekxa
user=timo rl
---%<-------------------------------------------------------------------------

(This file was created from the wiki on 2007-12-11 04:42)
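As an added example (not part of the Dovecot wiki or of the ACL plugin's own code), the following Python parses the vfile format described above and resolves a user's effective rights on one mailbox, including the group-override case and the letter-to-name table. It assumes that the first matching identifier in the precedence list above supplies the rights and replaces every less specific entry (which is how the group-override example behaves), and that the default of owner-all/others-none applies when no entry matches.

```python
# Letter -> named ACL, as listed in the table above.
LETTERS = {'l': 'lookup', 'r': 'read', 'w': 'write', 's': 'write-seen',
           't': 'write-deleted', 'i': 'insert', 'e': 'expunge',
           'k': 'create', 'x': 'delete', 'a': 'admin'}
KNOWN_NAMES = set(LETTERS.values())
# Identifier precedence, most specific first.  Assumption: the first
# matching entry in this order supplies the rights and replaces the rest.
PRECEDENCE = ['group-override', 'user', 'group', 'owner', 'authenticated', 'anyone']

def parse_acl(text):
    """Parse '<identifier> <ACLs> [:<named ACLs>]' lines into (kind, name, rights)
    tuples.  Unknown letters are an error; unknown named ACLs are ignored."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        base, _, named = line.partition(':')
        fields = base.split()
        ident, letters = fields[0], ''.join(fields[1:])
        kind, _, name = ident.partition('=')
        kind = 'anyone' if kind == 'anonymous' else kind
        bad = [c for c in letters if c not in LETTERS]
        if bad:
            raise ValueError('unknown ACL letter(s) %s in line: %r' % (bad, line))
        rights = {LETTERS[c] for c in letters}
        rights |= {n for n in named.split() if n in KNOWN_NAMES}
        entries.append((kind, name, rights))
    return entries

def effective_rights(entries, user, groups=(), owner=False, authenticated=True):
    """Rights `user` ends up with on one mailbox.  With no matching entry the
    default applies: the owner gets everything, everyone else nothing."""
    def matches(kind, name):
        if kind in ('group-override', 'group'):
            return name in groups
        if kind == 'user':
            return name == user
        if kind == 'owner':
            return owner
        return kind == 'anyone' or (kind == 'authenticated' and authenticated)
    for wanted in PRECEDENCE:
        for kind, name, rights in entries:
            if kind == wanted and matches(kind, name):
                return set(rights)
    return set(KNOWN_NAMES) if owner else set()

# Constructed inputs: the two ACL files shown above.
TEMPDISABLED = "user=timo rw\ngroup-override=tempdisabled\n"
EXAMPLE = "owner lrwstiekxa\nuser=timo rl\n"
```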