Shared mailbox read-only access

NethServer Version: 7.6.1810 (final)
Hello to all,
I’m a new Italian user and I’m testing NethServer for mail server; sorry for my English !!!
I added NethServer to join active directiry witch windows server 2019 DC, I see user and group correctly;
I created a Shared mailbox “support” where I receive from a mail alias support@mydomain, the shared mailbox is seen by the ( owner group) support via imap, but how can I block read-only access for some users?
I don’t want them to be able to delete messages

You could try fiddling with dovecot ACL’s
@giacomo can you fire off some warnigns or point to terrible nono’s regarding this in combination with NethServer mail?

1 Like

great !!
from the path: /var/lib/nethserver/vmail/vmail/Maildir/.support
I edited file “dovecot-acl” and I modified from:

group=support@mydomain keilrwts


group=support@mydomain rwls

so the users of the support group can read but not delete and move the messages of that shared mailbox; now I continue with other tests !!!
you are really fantastic !!! in the end I would like to remove our current exchange server :wink:


I fear a little overwrite when some settings will be change on NethGui…

1 Like

what kind?
can anyone say where there may be problems?
on the interface the ACL are correctly viewed

NethGUI is an interface which collect options for translating into configuration file when the configuration is saved.
Therefore, anytime that a shared mailbox ACL or shared box itself will be created or edited, the file .support could be overwritten.
I am not sure of that…

That’s what custom templates are for. Maybe anyone of the @dev_team can give a hint on this how to handle this in this specific situation?

Would it be a reasonable feature request to have custom dovecot ACL’s through the servermanager interface?

@xalex77 you can safely change the ACLs from the terminal using doveadm command: ACLs will be preserved.
Otherwise just use the new Server Manager:

Full custom ACLs are quite complicated and I’m not sure users will not understand it.
But we could add other pre-compiled combination inside the above page.


May i ask you why doveadm will not be overridden by an update of configuration?

Ordinary users are not allowed to that section of servermanager. Users only see the option to change their password.
Server administrators however, can. And you could expect that server admins understand. (/me runs)

Because it’s not really a configuration. It’s more kind a dovecot status saved in a file. IIRC the file it’s inside the mailbox itself, but I’m not really sure.

Don’t get me wrong, I’m not still sure about it. Do you think that a windows admin knows the difference between the expunge right other then the write-delete?
Please see

so in my case what should I write to set permissions with command “doveadm”?

you obviously missed the (/me runs) part… :joy:
btw, on cirrusmail FAQ it is nicely explained:

Ahahah :smiley:

Wow, the documentation link is very clear!

I don’t remember the right syntax, you need to see the manual page. But my advise is to use the new server manager and just set “read-only” from there.

how can i use the new server manager?
then do I lose the current server manager?

Starts from here but several other topics are related



With NethServer 7.7 the new servermanager is installed by default too. It runs on port 9090 (in contrast to the tradistional servermanager that runs on port 980)
So just go to https://yourserver:9090 and log in with a user that has administrative rights. (root, admin, administrator or any other account you configured with admin rights)

I tried to install new server manager but I have installation errors:

yum install nethserver-cockpit

via Software Center clicking on

New Server Manager (Beta)

CLEAR YUM CACHE, but the error remain :frowning:

Maybe is related, @dev_team?

Maybe you partially installed from 7.6 and partially from 7.7.
Update to 7.7 rc:

yum update --enablerepo=nethserver-testing nethserver-subscription
signal-event software-repos-upgrade

Then try to install nethserver-cockpit again.