[Dovecot] Managing public folder ACL files
Willie Gillespie
wgillespie+dovecot at es2eng.com
Thu Apr 7 00:49:44 EEST 2011
Similar to Jan Phillip, we have a small setup where we give permissions
to groups and then I can add or remove users from the groups fairly easily.
On 4/6/2011 4:54 AM, Keith Edmunds wrote:
> We have a customer with a large public folder hierarchy. They occasionally
> make requests to have the public folder ACLs changed; for example: "please
> give user X access to all public folders" (that's nearly 1700 folders).
> Worse: "please give user Y access to all sales folders" (there are 1450
> sales folders).
So on all your sales folders, you have a few groups:
sales-full-access
sales-read-only
everything-full-access
everything-read-only
Your user X, you would maybe put in the "everything-full-access" group.
User Y would get added to the "sales-full-access" group.
> The problem is that there are (naturally) spaces in the folder names,
> which makes command line manipulation challenging. We've ended up with
> some astonishingly hacky Python scripts that enter each folder starting
> with (for example) ".sales" and replacing the dovecot-acl file to try to
> fulfil the above requests. One day our script are going to get it wrong,
> or requests will become more complex ("give X access all sales/CustA
> folders, Y access to all sales/CustB folders, and Z access to all sales
> folders). There must be a Better Way.
This part gets a little trickier, but you could still do it with groups.
>
> How do others manage divergent ACLs within large public folder hierarchies?
Again, we have a small setup -- nothing so large as yours... so even my
suggestions may not be the best for you.
>
> Thanks,
> Keith
More information about the dovecot
mailing list