Sharing
Stalwart includes support for resource sharing, allowing users and groups to collaborate efficiently through shared access to calendars, address books, and file storage. Whether for team scheduling, centralized contact management, or document collaboration, sharing is a core feature designed to support both individual and organizational workflows.
Stalwart supports group calendars, shared address books, and shared file folders, which can be accessed and managed by multiple users with appropriate permissions. In addition to group-based resources, users can also share their personal calendars, contact lists, and files with others on the system.
Sharing is implemented using the WebDAV ACL (Access Control List) extension, which is supported by many CalDAV and CardDAV clients. This allows users to manage who can read, write, or administer their resources directly from a compatible client interface, without requiring server-side configuration changes. Permissions can be granted at various levels—ranging from full access to read-only viewing—providing flexibility for different collaboration scenarios.
With built-in sharing capabilities and standards-based access controls, Stalwart makes it easy to enable collaborative features across calendars, contacts, and files while maintaining clear control over access and visibility.
Group Resources
Stalwart makes it easy to enable shared calendars, address books, and file folders for teams or departments by using group-based resources. These resources are automatically available to all members of a group and provide a convenient way to collaborate without requiring manual sharing configurations.
To enable group resources, administrators simply need to create the appropriate groups within the system and add users to those groups. Once added, users will automatically gain access to the group’s shared resources. The next time they log in through a supported CalDAV, CardDAV, or WebDAV client, they will see the group calendars, address books, or file folders listed alongside their personal resources.
Group resources behave just like individual resources but are accessible to all group members. Permissions are managed centrally, and updates made by one user are immediately visible to others in the group. This simplifies coordination and promotes shared ownership of data within teams.
There is no special configuration required to enable group resource visibility—membership alone is sufficient to grant access, making group-based collaboration both straightforward and scalable.
Sharing Resources
In addition to group-based collaboration, Stalwart allows individual users to share their own calendars, address books, and file folders with other users on the system. This enables flexible, ad-hoc collaboration without requiring administrative involvement, and is ideal for scenarios like sharing a personal calendar with a colleague or granting a teammate access to a specific file directory.
To share a resource, users must use a CalDAV, CardDAV, or WebDAV client—depending on whether they are sharing a calendar, address book, or file folder—that supports the WebDAV ACL (Access Control List) extension. This standard allows users to assign fine-grained permissions (such as read-only or full access) to other users or groups, directly from within the client interface.
An important consideration when sharing resources is how users discover others in the system. In WebDAV terminology, a principal is any entity that can be granted access to a resource—typically a user, group, or system-defined role. By default, for privacy and security reasons, Stalwart does not allow users to list all available principals on the system. This means that while users can share resources with others they know, they won't be able to browse or search the full list of users or groups unless explicitly permitted to do so.
To allow users to list or discover other principals, administrators must grant the appropriate dav-principal-* permissions. These permissions control who can browse user directories, view group membership, or discover available principals across the system. For details on the specific permissions involved, refer to the Permissions documentation.
This approach ensures a secure default posture while still providing flexibility for environments where broader visibility and self-service sharing are desirable.
WebDAV Assisted Discovery
Stalwart organizes user and group resources using a clear and hierarchical path structure. Each principal—a user, group, or other addressable entity in the WebDAV system—has its own namespace under which resources are stored. For example, the calendars for a user named John are located under /dav/cal/john, while the address book for a group named Sales is under /dav/card/sales. Within each principal's path, multiple collections can be created, such as /dav/cal/john/work and /dav/cal/john/personal, allowing users to manage different calendars or contact lists independently.
To support standards-based client discovery, Stalwart lists all of a user’s accessible calendar and address book collections in the calendar-home-set and addressbook-home-set properties of the user's principal. These properties indicate to the client which paths should be queried to retrieve the resources available to the authenticated user, including both personal and shared collections.
However, many CalDAV and CardDAV clients assume a simplified model where all resources are located under a single path, such as /dav/cal/john for all of John's calendars, whether personal or shared. While convenient for the client, this design creates a fundamental limitation: it prevents support for shared or group resources, since the client sees only one path and assumes the user’s scope is confined to it.
To assist clients that rely on this simplified discovery model, Stalwart offers an optional feature called WebDAV Assisted Discovery. When the dav.collection.assisted-discovery setting is enabled, Stalwart modifies its behavior for PROPFIND requests sent to the /dav/cal and /dav/card paths. Specifically, when a client sends a Depth: 1 PROPFIND request to these paths, Stalwart treats the request as if it were made with Depth: 2. This means the server will include in its response all personal and shared collections available to the authenticated user, even if those collections belong to different principals or groups.
This assisted discovery mechanism can make it easier for some clients to locate shared resources that they would otherwise miss. However, it comes with a significant caveat: not all clients expect this behavior, and enabling it may cause issues or inconsistencies in clients that strictly follow the WebDAV specification. For this reason, the setting is disabled by default, and it is recommended to keep it that way unless required for specific interoperability cases.
Instead of relying on assisted discovery, users encountering problems with resource visibility should be encouraged to report these limitations to the developers of the affected clients. Proper support for WebDAV ACL and discovery properties like calendar-home-set and addressbook-home-set ensures a more robust, scalable, and standards-compliant experience in the long term.