[Dovecot] Shared folders plans for the future

Steffen Kaiser skdovecot at smail.inf.fh-bonn-rhein-sieg.de
Wed Oct 25 15:52:16 UTC 2006


On Wed, 25 Oct 2006, Timo Sirainen wrote:

> Well, I don't think the symlinks would normally break by themselves? Unless

Not by themselves, but by a crashed server, disconnected NFS, ... .

> Mailbox listing is anyway done a lot by the clients, so this operation needs
> to be pretty fast. Doing a stat(box/dovecot-acls) for each mailbox could get
> slow if there are a lot of mailboxes.

Hmm, so it rather is some sort of cache, like the index. Maybe some 
"re-create each day" or re-create when "shared" folder is missing, like it 
is done for the indexes? BTW: Will the folder go into the Control 
directory as well, for people having filesystem quota?

Just thinking out loud: For a global shared mailbox this won't help, because
all mailboxes are shared and the server does not know to which particular
mailbox the particular user has which access.
I mean 1) reads: "1) How to get (quickly) a list of another user's 
mailboxes that I have access to?" You still need to open each -acl file 
and inspect it to gain the information for one particular user.
To cache the resulting ACL scan for each user could allocate lots of 
space.
Maybe you can combine 1) and 2)?

> And how do you select a specific mailbox or list a specific user directly
> with any commonly used IMAP client? You don't, so you'll have to show the
> list of users who have shared mailboxes to you.

OK, I'm too much used to pine. I didn't think about browsing to a
specific mailbox.

> Well, I suppose dynamic groups could work, but then you'd have to reserve one
> GID for each different ACL. Probably too much trouble to implement..

Yep, especially as there are a limited number of groups.

> How many people anyway even need to support users who have shell access and
> can share mailboxes to each others? I don't think all that many.

Agreed.

> 1) Let sysadmin define all the groups and people who are in them. Allow the
> filesystem ACL backend to manipulate the file mode and group directly.

Then the user will also need to be able to manipulate the group membership
of a mailbox. This would be doable for global shared ones only, I guess.

> 2) Use one or more groups for shared mailboxes which gives a group of people
> access to the mailbox, but the vfile ACL backend is still doing the exact 
> permission checks. Like there could be just one "shared-mails" group which is
> set for all mailboxes that are shared, but each of them then could contain
> dovecot-acls file which describes who it's shared to.

This sounds best.

Bye,

-- 
Steffen Kaiser
