Access Control Lists
====================

Dovecot supports giving ACLs to mailboxes, although it doesn't yet support the
actual IMAP ACL extension. The code allows multiple ACL backends, but currently
Dovecot supports only virtual ACL files.

ACLs can be enabled in dovecot.conf with:

---%<-------------------------------------------------------------------------
protocol imap {
..
  mail_plugins = acl
}
...
plugin {
  acl = vfile:/etc/dovecot-acls
}
---%<-------------------------------------------------------------------------

Groups aren't currently supported, but only because groups can't yet be
specified in userdb. If you really need groups, there are some workarounds
that let you use them fairly easily already.

vfile backend
-------------

The vfile backend supports per-mailbox ACLs and global ACLs, which apply to all
users' mailboxes with the same name.

Per-mailbox ACLs are stored in a file named 'dovecot-acl', which lives in:

 * maildir: The maildir's root directory (e.g. '~/Maildir',
   '~/Maildir/.folder/')
 * mbox: Currently in the same directory as the indexes (e.g.
   '~/mail/.imap/INBOX/'), but this might change
 * dbox: dbox's root directory (e.g. '~/mail/INBOX/Mails/')

Global ACLs are stored in the directory you gave as ACL plugin parameter
('/etc/dovecot-acls' in above example). They exist with the same name as the
mailbox. For example for *INBOX* you'd have '/etc/dovecot-acls/INBOX' file, and
for *Folder.subfolder* you'd have '/etc/dovecot-acls/Folder.subfolder' file.

If your hierarchy separator is '/', it gets a bit more complicated. If you
have mailboxes *foo* and *foo/bar*, the ACL file of *foo/bar* exists in
'/etc/dovecot-acls/foo/bar/' as you would expect. But since
'/etc/dovecot-acls/foo' is a directory, you can't create a file with that name
for the *foo* mailbox's ACLs. So for *foo* you'll have to use the
'/etc/dovecot-acls/foo/.DEFAULT' file instead.

WARNING: Namespace prefixes are currently ignored, so if you have multiple
namespaces their mailbox names could conflict. This will be fixed later.

ACL files
---------

The files themselves have the format:

---%<-------------------------------------------------------------------------
<identifier> <ACLs> [:<named ACLs>]
---%<-------------------------------------------------------------------------

Where *identifier* is one of:

 * group-override=*group name*
 * owner / user=*user name*
 * group=*group name*
 * owner
 * authenticated
 * anyone / anonymous

The ACLs are processed in the order given above, so e.g. if you have given
read access to some group, you can still remove it from some specific user.

The currently supported ACLs and their corresponding named ACLs are:

+---+---------------+---------------------------------------------------------+
| l | lookup        | Mailbox is visible in mailbox list. Mailbox can be      |
|   |               | subscribed to.                                          |
+---+---------------+---------------------------------------------------------+
| r | read          | Mailbox can be opened for reading.                      |
+---+---------------+---------------------------------------------------------+
| w | write         | Message flags and keywords can be changed, except \Seen |
|   |               | and \Deleted                                            |
+---+---------------+---------------------------------------------------------+
| s | write-seen    | \Seen flag can be changed                               |
+---+---------------+---------------------------------------------------------+
| t | write-deleted | \Deleted flag can be changed                            |
+---+---------------+---------------------------------------------------------+
| i | insert        | Messages can be written or copied to the mailbox        |
+---+---------------+---------------------------------------------------------+
| e | expunge       | Messages can be expunged                                |
+---+---------------+---------------------------------------------------------+
| k | create        | Mailboxes can be created under this mailbox             |
+---+---------------+---------------------------------------------------------+
| x | delete        | Mailbox can be deleted                                  |
+---+---------------+---------------------------------------------------------+
| a | admin         | Administration rights to the mailbox                    |
+---+---------------+---------------------------------------------------------+

The ACLs are compatible with RFC 4314 (IMAP ACL extension, updated version).

Unknown ACL letters are complained about, but unknown named ACLs are ignored.
Named ACLs are mostly intended for future extensions.

Example ACL file:

---%<-------------------------------------------------------------------------
owner lrwstiekxa
user=timo rl
---%<-------------------------------------------------------------------------
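As an added illustration (not Dovecot's own code), the following Python parses files in the format above, rejects unknown letters while ignoring unknown named ACLs, and works out one user's rights. The precedence rule it uses (walk the identifiers in the order listed above and let the first matching one decide) is an assumption drawn from the page's wording, not from Dovecot's source; the file content in the test is constructed.

```python
# Added example, not Dovecot's own code. Precedence model (first matching
# identifier in the page's listed order decides the rights) is an assumption.
ACL_LETTERS = {"l": "lookup", "r": "read", "w": "write", "s": "write-seen",
               "t": "write-deleted", "i": "insert", "e": "expunge",
               "k": "create", "x": "delete", "a": "admin"}  # table above
NAMED_TO_LETTER = {name: letter for letter, name in ACL_LETTERS.items()}
# Most specific first, as listed under "identifier is one of".
PRECEDENCE = ("group-override", "user", "group", "owner", "authenticated", "anyone")

def parse_acl_file(text):
    """'<identifier> <ACLs> [:<named ACLs>]' lines -> [(identifier, set of letters)]."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        ident, _, rest = line.partition(" ")
        letters, _, named = rest.partition(":")
        rights = set()
        for ch in letters.strip():
            if ch not in ACL_LETTERS:  # unknown letters are complained about
                raise ValueError("line %d: unknown ACL letter %r" % (lineno, ch))
            rights.add(ch)
        # known named ACLs fold into their letter; unknown ones are ignored
        rights.update(NAMED_TO_LETTER[n] for n in named.split() if n in NAMED_TO_LETTER)
        entries.append((ident, rights))
    return entries

def _matches(ident, user, groups, is_owner, authenticated):
    kind, _, arg = ident.partition("=")
    if kind in ("group-override", "group"):
        return arg in groups
    if kind == "user":
        return arg == user
    if kind == "owner":
        return is_owner
    if kind == "authenticated":
        return authenticated
    return kind in ("anyone", "anonymous")  # unknown identifiers never match

def effective_rights(entries, user, groups=(), is_owner=False, authenticated=True):
    """Walk PRECEDENCE; the first entry whose identifier matches decides the rights."""
    for kind in PRECEDENCE:
        for ident, rights in entries:
            base = ident.partition("=")[0].replace("anonymous", "anyone")
            if base == kind and _matches(ident, user, groups, is_owner, authenticated):
                return set(rights)
    return set()  # no matching entry: no rights at all
```

With the page's example file plus a 'group=staff lr' line and a 'user=bob l' line, bob ends up with lookup only even though he is in staff, which is the "remove read from a specific user" case the text describes.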

(This file was created from the wiki on 2007-04-13 14:32)
