Finally think I’ve got Dovecot sorted (I think!)

In the last blog I wrote – at some length, I might add – about setting up public shared folders in Dovecot and about just how hard that is! There are some annoyances with Dovecot, but that’s the evolution of something free (the old “you get what you pay for” line). I haven’t tried Dovecot 2.0 yet. Perhaps in 18 months when the next LTS of Ubuntu is available I’ll get there.

After getting the basics of the configuration working I set out to start using and testing the setup. What I found initially is that Dovecot will use the root folder permissions as the permissions for manipulating files. This is particularly problematic when sharing folders, as typically you need to enable group permissions. E.g.:

rwx------ user mail .
rwxrwx--- user Pubmail .

In the Dovecot error log, or just in mail.err, you’ll see plenty of informative error messages about fchown, dotlock, etc., and in there will be information about the group being used. E.g.:

dovecot: IMAP(infocss): fchown(/home/infocss/Mail/subscriptions.lock, -1, 8(mail)) failed: Operation not permitted (egid=513(Domain Users), group based on /home/infocss/Mail)

In this case you can see that it used the permissions of the group to perform the operation and this failed. That group doesn’t have the permissions – from Dovecot – to perform that operation.

The only way I have found to “fix” this is to allow additional groups to have privileged permissions within Dovecot. This is in addition to the group permissions you need on the files – though I must add that I haven’t tried reducing the file permissions. I’m afraid of breaking something that works!

To do this you need to modify a line in the config file, as described in the Dovecot Wiki.

mail_access_groups = Group1,Group2

The wiki, while telling you that you can have multiple groups here, doesn’t tell you whether the line is comma delimited or space delimited. It is comma delimited.
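To work out which groups belong on that line, the fchown failures can be pulled out of the log. This is an added example, not code from the original post or from the Dovecot project: the regex is modelled on the single log line quoted above, the other sample lines are constructed, and it assumes the group to list is the one the failed fchown tried to assign.

```python
import re

# Format of the fchown failure shown in the log line quoted above.
FCHOWN_RE = re.compile(
    r"IMAP\((?P<user>[^)]+)\): fchown\((?P<path>[^,]+), -?\d+, "
    r"(?P<gid>\d+)(?:\((?P<group>[^)]+)\))?\) failed: Operation not permitted "
    r"\(egid=(?P<egid>\d+)(?:\((?P<egroup>[^)]+)\))?, "
    r"group based on (?P<base>[^)]+)\)"
)

def parse_fchown_failures(lines):
    """Return one dict per fchown failure; other log lines are skipped."""
    failures = []
    for line in lines:
        m = FCHOWN_RE.search(line)
        if m:
            f = m.groupdict()
            # Fall back to the numeric gid when the log carries no group name.
            f["group"] = f["group"] or f["gid"]
            failures.append(f)
    return failures

def suggest_mail_access_groups(lines):
    """Build the comma-delimited setting from groups Dovecot failed to assign."""
    groups = sorted({f["group"] for f in parse_fchown_failures(lines)
                     if f["gid"] != f["egid"]})
    return "mail_access_groups = " + ",".join(groups) if groups else None

# First entry is the line quoted in the post; the others are constructed samples.
SAMPLE_LOG = [
    "dovecot: IMAP(infocss): fchown(/home/infocss/Mail/subscriptions.lock, -1, "
    "8(mail)) failed: Operation not permitted (egid=513(Domain Users), "
    "group based on /home/infocss/Mail)",
    "dovecot: IMAP(sales): fchown(/home/Pubmail/Mail/.info/dovecot.index.lock, "
    "-1, 1003(Pubmail)) failed: Operation not permitted "
    "(egid=513(Domain Users), group based on /home/Pubmail/Mail/.info)",
    "dovecot: imap-login: Login: user=<infocss>, method=PLAIN",
]

if __name__ == "__main__":
    for f in parse_fchown_failures(SAMPLE_LOG):
        print(f["user"], f["path"], "wanted group:", f["group"],
              "process egid:", f["egroup"] or f["egid"])
    print(suggest_mail_access_groups(SAMPLE_LOG))
```

Keep the resulting list as short as the log justifies: these groups are granted to the mail processes, and Dovecot's example configuration warns that the setting can be dangerous where users can create symlinks.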

That should get your public shared boxes working. Though I still wonder how this setup will work with user shared boxes. I still had tremendous problems with that.

In the last post I pondered about the ACL and how groups will work there. Dovecot only really recognises a user’s primary group but not supplementary ones. The “workaround” to this, and to get ACLs really working, is to use Post Login Scripting. This is thankfully explained here.

I haven’t tried this. Presumably the script can be put in an appropriate place – /usr/local/bin ??

The guys at Chameeya now have full access to the info e-mail box to answer and respond to customer enquiries.

