dovecot - ACL (Access Control Lists)

Last updated: 2017-10-31

Introduction

 

Dovecot supports only virtual ACL files (the vfile backend).

Note that using ACLs does not grant mail processes any filesystem permissions they do not already have: an ACL can only allow or restrict access within what the mail process's Unix user can already reach.

 


ACL vfile backend

 

The vfile backend supports per-mailbox ACLs and global ACLs.

 

ACL file format:

Default per-mailbox file name: dovecot-acl

<identifier> <ACLs> [:<named ACLs>]

<identifier>, listed in precedence order (highest first):

  • group-override=<group name>
  • user=<user name>
  • group=<group name>

<ACLs>, one letter per right (the full list of 11 rights is in the rights section below), for example:

  • l    lookup
  • r    read

Note:

Fields must be separated by exactly one space; a tab (or multiple spaces) between fields may not work.

Example:

The ACLs are processed in the precedence given above, so for example if you have given read access to a group, you can still remove it from specific users inside the group, and a group-override entry can revoke access that a user= entry granted:

user=timo rw
group-override=tempdisabled

Now if timo is in the tempdisabled group, he has no access to the mailbox: the group-override entry, which grants no rights at all, takes precedence over the user=timo entry.

 


Rights

There are 11 rights in total:

l  lookup

Mailbox is visible in mailbox list. Mailbox can be subscribed to.

r  read

Mailbox can be opened for reading.

w  write

Message flags and keywords can be changed, except \Seen and \Deleted

s  write-seen

The \Seen flag can be changed

t  write-deleted

The \Deleted flag can be changed

i  insert

Messages can be written or copied to the mailbox

p  post

Messages can be posted to the mailbox by LDA, e.g. from Sieve scripts

e  expunge

Messages can be expunged

k  create

Mailboxes can be created (or renamed) directly under this mailbox, but not necessarily under its children (see the ACL Inheritance section of the Dovecot wiki); renaming also requires delete rights

x  delete

Mailbox can be deleted

a  admin

Administration rights to the mailbox (currently: the ability to change the ACLs of the mailbox)

 

All rights: ilwstpekxar (the order of the letters in the rights field does not matter)
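The following Python script is an added example (it is not Dovecot's code and not part of the original page). It parses dovecot-acl lines in the "<identifier> <ACLs> [:<named ACLs>]" format from the ACL file format section, rejects the tab / multiple-space separators that the note there warns about, resolves a user's effective rights using the precedence group-override > user > group shown in the timo/tempdisabled example, and checks a requested operation (for example "kx" to rename a mailbox) against the 11 rights listed in this section. Assumptions that the page does not state: only the three identifier types listed on the page are handled; blank lines and lines beginning with "#" are skipped; when several entries at the same precedence level match (a user who is in two listed groups) their rights are unioned; the rights field is treated as absolute (no +/- prefixes); the named-ACL field is kept verbatim but not interpreted; the SAMPLE_ACL text, the user names and the group names are constructed for the example.

```python
"""Parser and rights resolver for Dovecot vfile ACL lines.

Added example, not Dovecot's own code.  Assumptions (not stated on the page):
only group-override=, user= and group= identifiers; '#' and blank lines are
skipped; same-level matches are unioned; rights are absolute (no +/-);
the named-ACL field is kept but not interpreted.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable, List, Optional

# The 11 rights listed on this page; any other character in the rights field is an error.
ALL_RIGHTS = frozenset("lrwstipekxa")

# Identifier types from this page, highest precedence first.
PRECEDENCE = ("group-override", "user", "group")


@dataclass(frozen=True)
class AclEntry:
    id_type: str       # "group-override", "user" or "group"
    id_name: str       # user name or group name
    rights: frozenset  # subset of ALL_RIGHTS; an empty set grants nothing
    named: str         # optional "named ACLs" field, kept verbatim


def parse_acl_line(line: str) -> AclEntry:
    """Parse one "<identifier> <ACLs> [:<named ACLs>]" line.

    Fields must be separated by exactly one space, as the note on this page
    warns; tabs and runs of spaces are rejected instead of silently mis-parsed.
    """
    if "\t" in line or "  " in line:
        raise ValueError(f"fields must be separated by a single space: {line!r}")
    ident, _, rest = line.partition(" ")
    id_type, sep, id_name = ident.partition("=")
    if not sep or not id_name or id_type not in PRECEDENCE:
        raise ValueError(f"unsupported identifier: {ident!r}")
    rights_str, _, named = rest.partition(":")
    rights_str = rights_str.rstrip(" ")  # "rw :named" -> "rw"
    unknown = set(rights_str) - ALL_RIGHTS
    if unknown:
        raise ValueError(f"unknown rights {sorted(unknown)} in {line!r}")
    return AclEntry(id_type, id_name, frozenset(rights_str), named)


def parse_acl_file(text: str) -> List[AclEntry]:
    """Parse a whole dovecot-acl file (blank and '#' lines skipped: assumption)."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        entries.append(parse_acl_line(raw))
    return entries


def effective_rights(entries: Iterable[AclEntry], user: str,
                     groups: Iterable[str]) -> Optional[frozenset]:
    """Rights granted by the highest-precedence matching entries.

    group-override beats user, which beats group, so an empty group-override
    entry revokes everything a user= line granted.  Returns None if nothing
    matches (Dovecot then applies its default rights, not modelled here).
    """
    entries = list(entries)
    groups = set(groups)
    for id_type in PRECEDENCE:
        matched = [
            e for e in entries
            if e.id_type == id_type
            and (e.id_name == user if id_type == "user" else e.id_name in groups)
        ]
        if matched:
            return frozenset().union(*(e.rights for e in matched))
    return None


def can(entries: Iterable[AclEntry], user: str, groups: Iterable[str],
        needed: str) -> bool:
    """True if the user holds every right in `needed` (e.g. "kx" to rename)."""
    rights = effective_rights(entries, user, groups)
    return rights is not None and set(needed) <= rights


# The example from this page: timo is granted rw, then cut off via a group.
PAGE_EXAMPLE = "user=timo rw\ngroup-override=tempdisabled\n"

# Constructed sample (not from the page): a helpdesk group that may list, read,
# create and delete mailboxes, one fully privileged user, and a "suspended"
# group that cuts off anyone in it regardless of their user= line.
SAMPLE_ACL = """\
# helpdesk may browse and reorganise mailboxes, but not write flags or expunge
group=helpdesk lrkx
user=alice lrwstipekxa
group-override=suspended
"""

if __name__ == "__main__":
    page = parse_acl_file(PAGE_EXAMPLE)
    print("timo, no groups     :", "".join(sorted(effective_rights(page, "timo", []))))
    print("timo in tempdisabled:", set(effective_rights(page, "timo", ["tempdisabled"])))
    sample = parse_acl_file(SAMPLE_ACL)
    print("bob (helpdesk) may rename :", can(sample, "bob", ["helpdesk"], "kx"))
    print("bob (helpdesk) may expunge:", can(sample, "bob", ["helpdesk"], "e"))
    print("alice (suspended)         :", set(effective_rights(sample, "alice", ["suspended"])))
```

Running the script prints "rw" for timo without groups and an empty set once he is in tempdisabled, which is the behaviour the page's example describes; bob can rename (k and x) but not expunge, and alice loses all 11 rights the moment she is in the suspended group, because group-override is evaluated before user=.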

 


ACL cache (dovecot-acl-list)

 

The dovecot-acl-list file is a cache that lists all mailboxes that have "l" (lookup) rights assigned.

If you add or edit dovecot-acl files by hand, you may need to delete dovecot-acl-list so that the cache is rebuilt and the mailboxes become visible.