[Dovecot] vfile ACL's
Benjamin R. Haskell
dovecot at benizi.com
Tue Aug 7 20:01:41 EEST 2007
On Sun, 5 Aug 2007, Timo Sirainen wrote:
> On Fri, 2007-08-03 at 09:34 -0400, Benjamin R. Haskell wrote:
>> (Sorry for the impatience. This was one of several questions in my email
>> from yesterday. I thought I might have better luck being more direct.)
>>
>> Is there a way to set ACL's, using the vfile backend, on a truly global
>> basis? or hierarchically (i.e. .Maildir.Sub inherits from .Maildir)?
>
> I thought there was something like that, but looks like not. I don't
> remember if this is because there was a problem with adding support for
> them or if I simply haven't gotten around to implementing them yet.
>
Thanks for the response.
I worked around the actual problem (in "[Dovecot] Shared folder
hierarchies, multiple groups") with the following patch:
http://benizi.com/dovecot-1.0.1-namespace-hack.patch
It's probably not the "correct" thing to do. (Hence "-hack".) But, it did
seem to be the minimal set of changes required to accomplish what I wanted
(shared folders implemented via namespaces with permissions controlled by
the namespace INBOX's group).
It changes the following:
1. src/imap/cmd-list.c - list_namespace_init
In the IMAP LIST command, when checking namespace INBOX'es, if the INBOX
folder's path exists and is not readable, it doesn't list it.
2. src/lib-storage/index/maildir/maildir-list.c - maildir_fill_readdir
If it fails to open the directory because permission was denied, it sets
an open_flag, but doesn't set_critial, and returns false.
3. src/lib-storage/index/maildir/maildir-list.c - maildir_mailbox_list_init
If maildir_fill_readdir fails, and the HIDEYHACK flag is set, it returns
in the same place as a failure would, but doesn't set .failed on the
context.
4. src/lib-storage/index/maildir/maildir-storage.c - verify_inbox
Checks permissions on the directory path. If the folder exists, but is
unreadable, it returns 0 (= verifies OK), but logs an error to assist in
actual-error debugging.
If there's anything *glaringly* wrong with this approach, please let me
know.
Best,
Ben
More information about the dovecot
mailing list