On Wed, 2007-02-14 at 10:26 -0700, Stephen Warren wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Bill Landry wrote:
- save the file to some temporary file in a directory where only deliver has access
- change effective UID to destination user (keep the deliver group effective) and hardlink the file to the user's maildir
- change effective UID back to root
- process next user, goto 2
- Unlink the temporary file
Permissions are stored in the inode (essentially, with the file itself), and not in the directory entry. As such, each hard link to the file would share the exact same permissions, so the above algorithm doesn't work to give each user their own permissions on the same underlying storage file.
That's why I mentioned that the file would have to be owned by root or another special user. The file would need some world-readable permissions, which would be enough for IMAP access (there's no need to modify the file). Also the world-readability shouldn't be a problem since the maildir directory itself should be restricted to only the one user.