[Dovecot] Plan: ACL changes

Thomas Leuxner tlx at leuxner.net
Fri Nov 26 11:41:48 EET 2010


On Fri, Nov 26, 2010 at 05:49:16AM +0000, Timo Sirainen wrote:
> So plan #1: deprecate this usage. If global-acls is a directory, keep using the old method. But the new preferred method would be for it to be a file that contains all of the global ACLs. Typically there should be very few entries, so this should also be more efficient. Also this would allow setting default ACLs for namespaces by using wildcards. For example you could have:
> 
> * masteruser +lrw
> spam spamuser +lr
> test/* testuser +lr
> etc.

+1

Would this also allow -w, looking at the example? Should cater for
most cases then.

> Plan #2: Add support for per-user default namespace ACLs. In the mail root directory if "dovecot-default-acl" file exists, it's used as the default ACLs. I'm not entirely sure what should happen if it conflicts with the global ACLs. Probably they both should be simply merged, since both can only be created by an admin. Probably the per-user ACL should be allowed to override the global ACLs.
>
+1

I remember the discussions were set around recursion for this
feature: e.g. applying to newly created folders/mailboxes. Is this also
planned by #2?

Regards
Thomas
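
An added illustration of the two plans quoted above; it is not Dovecot code and not part of the thread. It parses the three global entries from the quoted proposal and merges a hypothetical per-user default file on top. The thread leaves these points open, so they are assumptions here: fnmatch-style wildcards, evaluation in file order, support for "-" removal, and per-user entries applied after the global ones.

```python
from fnmatch import fnmatchcase

# The three entries from the quoted proposal (plan #1).
GLOBAL_ACL = """\
* masteruser +lrw
spam spamuser +lr
test/* testuser +lr
"""

# Constructed per-user "dovecot-default-acl" content (plan #2); hypothetical.
USER_DEFAULT_ACL = """\
* masteruser -w
"""

def parse_acl(text):
    """Parse 'pattern identifier +rights|-rights' lines; reject anything else."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3 or parts[2][0] not in "+-" or len(parts[2]) < 2:
            raise ValueError(f"line {lineno}: expected 'pattern identifier +rights'")
        rules.append((parts[0], parts[1], parts[2][0], set(parts[2][1:])))
    return rules

def effective_rights(mailbox, user, global_rules, user_rules=()):
    """Apply global rules, then per-user rules, so the per-user file wins."""
    rights = set()  # no matching entry means no rights (deny by default)
    for pattern, ident, op, letters in list(global_rules) + list(user_rules):
        if ident != user or not fnmatchcase(mailbox, pattern):
            continue
        rights = rights | letters if op == "+" else rights - letters
    return "".join(sorted(rights))

if __name__ == "__main__":
    g, u = parse_acl(GLOBAL_ACL), parse_acl(USER_DEFAULT_ACL)
    for box, who in [("INBOX", "masteruser"), ("test/reports", "testuser"), ("test", "testuser")]:
        print(box, who, "global:", effective_rights(box, who, g) or "-",
              "merged:", effective_rights(box, who, g, u) or "-")
```

Under these assumptions "test/*" covers children of "test" but not "test" itself, which is the kind of gap worth checking for when a wildcard is meant to set a namespace default.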

