- 'Seen' flags (I know there are more - but these are the only ones I need to be able to configure) - I need to be able to set these as 'Per User', on a per Folder basis. If this option is *not* set on a folder, then the server should maintain the seen state - any user can change it, and all will see the new state.
It wouldn't matter to me which was the default behavior - ie, if I had to set seen='per user', or seen='server'.
This isn't on my paid-to-do list, but I'll probably add support for this after ACLs work in general. I'll do it by making Dovecot store the per-user-flags into index files only, hope that's good enough..
Sure... as long as it works... :)
So, the initial support will be only for server-side 'blanket' seen/read state - when one person marks it as seen, it will show as seen/read by everyone else?
- 'Hide Unreadable' Global flag - if I set it, then users should not even see shared folders that they don't have at least read-only perms. Samba does this really well with shares - any folders inside a share are invisible to users who don't have perms to open them.
IMAP ACLs have separate "can see" and "can open" flags.
Good - so maybe another questions is, which ACL flags will be supported with the initial implementation, and roughly how long before full support for all IMAP ACLs?
- ACLs - ability to set user and group ACLs on a per folder (or per group of folders) basis.
Yep. Although I'm not exactly sure how groups should be configured for users. If users are in /etc/passwd, using /etc/group is probably a good idea. But for virtual users then should there be also virtual groups, and how are they configured?
Well, ianap, but... shouldn't this simply be left to whatever auth mechanism is implemented? I use virtual groups in my setup, so shouldn't Dovecot just validate them as it does users now?
Do IMAP ACLs support the ability to set whether a user can add new folders or not (assuming they have read/write perms),
It has a flag to specify if user can create subfolders for a mailbox. Perhaps I could also make it possible to set those flags for a "" mailbox, which would control if user can create anything under root.
Sub-folders is enough for me - in fact, I don't want my users to be able to create anything willy-nilly - just in the limited p=layground I give them. So as long as that support will be coming, that will make me happy. :)
and if they are allowed to, whether the ACLs should propogate to (be inherited by) any new sub-folders or not?
There's no inheritation specified by the spec. I'm not sure if I should bother doing that for Dovecot either. Might get difficult to understand how the configuration works. Or maybe I could support wildcards, so "box/*" would be possible. But those ACLs couldn't then be modified via IMAP ACL extension (or maybe they could be, but they just couldn't be listed).
Hmmm... well, according to a draft I found, sub-folders should inherit the ACLs of the parent folder:
www3.ietf.org/proceedings/04aug/I-D/draft-ietf-imapext-acl-10.txt
If this is indeed the cyrrent spec, it is fine with me. I really have no interest in this being 'optional'.
Many thanks, Timo - I am very gratified that you are willing to entertain such questions from an obvious non-programmer type.
--
Best regards,
Charles