[Dovecot] Managing public folder ACL files

[Willie Gillespie]

Similar to Jan Phillip, we have a small setup where we give permissions 
to groups and then I can add or remove users from the groups fairly easily.

On 4/6/2011 4:54 AM, Keith Edmunds wrote:
> We have a customer with a large public folder hierarchy. They occasionally
> make requests to have the public folder ACLs changed; for example: "please
> give user X access to all public folders" (that's nearly 1700 folders).
> Worse: "please give user Y access to all sales folders" (there are 1450
> sales folders).

So on all your sales folders, you have a few groups:
sales-full-access
sales-read-only
everything-full-access
everything-read-only

Your user X, you would maybe put in the "everything-full-access" group.
User Y would get added to the "sales-full-access" group.

> The problem is that there are (naturally) spaces in the folder names,
> which makes command line manipulation challenging. We've ended up with
> some astonishingly hacky Python scripts that enter each folder starting
> with (for example) ".sales" and replacing the dovecot-acl file to try to
> fulfil the above requests. One day our script are going to get it wrong,
> or requests will become more complex ("give X access all sales/CustA
> folders, Y access to all sales/CustB folders, and Z access to all sales
> folders). There must be a Better Way.

This part gets a little trickier, but you could still do it with groups.

>
> How do others manage divergent ACLs within large public folder hierarchies?

Again, we have a small setup -- nothing so large as yours... so even my 
suggestions may not be the best for you.

>
> Thanks,
> Keith