Dovecot ACL in Nethserver 7

How is it possible to access an inbox of another user in the AD in Roundcube and SOGo? This is via vmail goes, I am aware, I would like to access the user-A on the input of User-B, without announcing another. How can the ACL be cleaned?

Hi Kunstlust, welcome to NethServer.
You can use the user name with the *root suffix appended, as described here:
http://docs.nethserver.org/en/v7/mail.html#mailbox-configuration
Hope it helps

Thanks for the help, but I already use, but does not help. User A should see user B’s inbox in his INBOX.User_B. It is therefore also to see mail, or to log on with another account. This may be important in the case of User_B disease. This is also not to think about a public folder. How do I set the ACLs?
Use doveadm, or set in a Configfile?

Hello Kunstlust,

I did this exact setup recently and it is working for my client perfectly. It is somewhat different from a public folder. It is not straightforward (a bit crude - “blame” Dovecot :) ) but the end result is great. I do not have access to my setup notes now. I will only be back home on Saturday and then I can check my notes. So if you have not gotten a solution by then, I will post it here.


Ok, here we go.

This assumes Nethserver setup, because the namespaces and acl imap plugins have already been configured.

Let’s assume User_A wants to access User_B’s INBOX

To share INBOX with permissions: read (r), lookup (l) and insert (i).

Log in via telnet as User_B

telnet localhost 143

a login User_B@example.com passwordofUser_B
a SETACL Inbox User_A@example.com lri
a OK Setacl complete.
a logout

NB. Don’t forget the dot after “OK Setacl complete”

Might have to restart Dovecot/Sogo (or even do a reboot)

Then to check: In Sogo, a new folder will appear below. Click on the “Other Users” icon to expand it, then click on the User to view and access the shared mailbox.

I hope you find this useful.


Thank you for your support. It folds exactly the same, it is synonymous with user*root itself with appropriate configuration to log on. This is helpful, with an AD connection, since not always the password of the user is known. Is it possible to edit the file “/var/lib/nethserver/vmail/user_Bt/Maildir/dovecot-acl*”?

It is possible, but I wouldn’t do it! See the doveadm acl command: it is designed for that purpose.

If I understand you correctly this is what you want or are requesting;

  1. If it’s possible to edit dovecot-acl directly
  2. You want to share folders for users whose passwords you don’t always know

Again, assuming this is what you want;

  1. As David says, it’s not advisable; it didn’t even work for me when I tried to edit the ACL file directly.

  2. Well, there is a second method I found out for sharing User folders!
    With this method you do not have to know the User_B, User_C etc. password! I only listed method one (in my previous post above) because I thought you only needed to share one or two users’ folders.

With the second method you can share several users, line by line. It’s much faster and easier, though the command looks crude.

Going by above example of User_A wanting to share User_B INBOX and needs read, lookup and insert ACLs

doveadm acl set -u User_A@example.com Shared/User_B@example.com/INBOX "User_A@example.com" lookup read insert

That’s it. Notice that this time you use the full ACL name and not the abbreviation. It won’t work if you use lri in the example above.

Then;

= Check if the folder got shared

doveadm mailbox list -u User_A@example.com

= Confirm the acls that got created

doveadm acl get -u User_A@example.com Shared/User_B@example.com/INBOX

I hope this is what you want.

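The thread uses the letter form of rights (`lri`) with IMAP SETACL and the full names (`lookup read insert`) with doveadm, and advises against editing the dovecot-acl file by hand. The following added example (not code from the thread or from NethServer) expands the letters into the full names and reads dovecot-acl content without modifying it, so existing grants can be reviewed. The function names and `SAMPLE_ACL` are constructed for illustration; it assumes entries of the form `<identifier> <letters>`.

```shell
#!/bin/sh
# Added example: expand Dovecot ACL right letters and audit dovecot-acl content.
# Nothing here writes to the ACL file; changes still go through SETACL or doveadm.

# Map one ACL letter to the full right name that doveadm uses.
right_name() {
    case "$1" in
        l) echo lookup ;;        r) echo read ;;          w) echo write ;;
        s) echo write-seen ;;    t) echo write-deleted ;; i) echo insert ;;
        p) echo post ;;          e) echo expunge ;;       k) echo create ;;
        x) echo delete ;;        a) echo admin ;;
        *) return 1 ;;
    esac
}

# Expand a letter string such as "lri" into "lookup read insert".
expand_rights() {
    rest=$1
    out=
    while [ -n "$rest" ]; do
        letter=${rest%"${rest#?}"}   # first character of $rest
        rest=${rest#?}
        name=$(right_name "$letter") || { echo "unknown right: $letter" >&2; return 1; }
        out="${out:+$out }$name"
    done
    echo "$out"
}

# Read dovecot-acl lines on stdin and print one line per grant, marking
# grants to broad identifiers and admin rights held by non-owners.
audit_acl() {
    while read -r id letters extra; do
        case "$id" in ''|'#'*) continue ;; esac
        names=$(expand_rights "$letters") || names="UNPARSED($letters)"
        flag=
        case "$id" in anyone|authenticated) flag=" [REVIEW: broad identifier]" ;; esac
        case "$letters" in *a*) [ "$id" = owner ] || flag="$flag [REVIEW: admin right]" ;; esac
        echo "$id: $names$flag"
    done
}

# Constructed sample content (not taken from a real server).
SAMPLE_ACL='user=User_A@example.com lri
anyone lr
user=User_C@example.com lrwstipekxa'
```

On a server, pipe the real file into `audit_acl` instead of the sample, for example `audit_acl < dovecot-acl` from inside the mailbox directory.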