Re: Public mailboxes with ACLs

Wed, 21 Jan 2026 03:51:49 -0800 


> On 21/01/2026 13:38 EET Lukas via dovecot <[email protected]> wrote:
> 
>  
> Hi!
> I am setting up a new dovecot server in order to replace my old one. I am 
> migrating from 2.3.6 to 2.4.1. I knew it would have been difficult but I 
> didn't think so much. At the moment I am stuck in converting my configuration 
> of Public mailboxes with ACLs. Even if I carefully checked the documentation, 
> I do not understand clearly some point. 
> My server has 2 Public Mailboxes that should be seen r/w by some user, read 
> only by some other, not seen at all by all the others. Folders created in the 
> Public Mailboxes need to have the same access privileges as the parent Public 
> Mailbox.
> 
> In 2.3 I set up a global ACL file containing the list of all privileges (some 
> lines like "MAILBOX_NAME* user=USERNAME lrs" with the privileges of each user 
> for the two mailboxes and their content) and it worked like a charm. I cannot 
> get the same in 2.4.
> What I understand from dovecot 2.4 docs -correct me if I am wrong- is: 
> - the global ACL file (and folder) is gone, deprecated;
> - I need to create a file in each folder shared in the public folder;
> - I need to enable "acl_driver = vfile" in 90-acl.conf.
> 
> If I configure this way, it seems to work but I need to create a dovecot-acl 
> file in every folder existing in the Public Mailbox... Given that the file is 
> the same for every folder (since I do not need different privileges in my 
> environment), should I really waste all of this time?  
> 
> Please, can you tell me if I am misunderstanding this argument? The dovecot 
> 2.4 choice for this feature is really this or I am missing something? There 
> is definitely no way to have something like the 2.3 global ACL file?
> 
> Thank for help and patience.
> Bye
> 
> 
> Lukas

Hi!

ACL rules can be configured in config file now:

acl_driver = vfile

## can create many but use only one.
group @acl_ruleset acl_ruleset1 {
     acl user=user1 {
       rights = lri
     }
     acl anyone {
        rights =
     }
}

group @acl_ruleset acl_default {
     acl group=people {
       rights = lri
     }
     acl anyone {
        rights =
     }
}

namespace public {
  mail_path = /home/public/mail
  mail_index_private_path = %{home}/.public

  mailbox "foo" {
    @acl_ruleset = acl_ruleset1
  }
  mailbox "bar" {
    @acl_ruleset = acl_ruleset1
  }

  @acl_ruleset = acl_default
}

Aki

_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to