Yes, it will be nice if/when you get around to supporting the ability for Users to Share their own folders, but all I care about is official support (not a 'kludge') via administrator assigning the ACLs.
OK, that at least comes within a month. I'm not exactly sure yet what would be the best way to configure them though. One possibility would be some global /etc/dovecot-acls.conf and another would be per-mailbox dovecot-acls file. Or perhaps both could be supported.. Suggestions welcome :)
Well, although IANAP, I like the idea of both - especially if the global file can 'include' other individual files (group and/or individual mailbox files?) - this would make it easier to manage acls, especially in larger settings.
Actually, I would prefer having one ACL configuration per folder. There you could also store any other folder-specific settings, say "have flags per user" vs. "share flags among users" or "inherit settings to (newly created?) sub-folders" or "may create sub-folders".
A system-wide configuration is hard to maintain, if it applies to every folder.
Hmmm... well, I don't see anywhere where I suggested that. In fact, I sort of took for granted that ACLs would be configurable on a per folder basis. All I suggested was a way to implement it using a Global .conf file, but with the ability to 'include' other .conf files, to make it easier to maintain in a large environment.
Ok, to get some more detail... what I am interested in is two-fold - seen flags, and ACLs. The following is just a wish-list. I don't know if IMAP ACLs are actually capable of all of the described behavior.
- 'Seen' flags (I know there are more - but these are the only ones I need to be able to configure) - I need to be able to set these as 'Per User', on a per Folder basis. If this option is *not* set on a folder, then the server should maintain the seen state - any user can change it, and all will see the new state.
It wouldn't matter to me which was the default behavior - ie, if I had to set seen='per user', or seen='server'.
'Hide Unreadable' Global flag - if I set it, then users should not even see shared folders that they don't have at least read-only perms. Samba does this really well with shares - any folders inside a share are invisible to users who don't have perms to open them.
ACLs - ability to set user and group ACLs on a per folder (or per group of folders) basis.
Do IMAP ACLs support the ability to set whether a user can add new folders or not (assuming they have read/write perms), and if they are allowed to, whether the ACLs should propogate to (be inherited by) any new sub-folders or not?
Hope this made sense...
--
Best regards,
Charles