On Mon, 2010-03-22 at 11:05 +0100, Thomas Hummel wrote:
On Mon, Mar 22, 2010 at 10:25:45AM +0100, Steffen Kaiser wrote:
My idea was to put everybody sharing folders, and everybody who may access shared folders, into the same group "doveshared", then leverage the Unix permissions so that this group may access the folders. So I do not need to use 0777 everywhere.
Oh, I got you two mixed up in my previous reply :)
So basically, you get to the "single UID virtual users" solution but with GID, right?
Do you mean your maildirs are all in 0770 <user> doveshared? But it still gives too much permission in general... Especially if your users can access their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that?
You don't need to put all users into doveshared group. You just need to set mail_extra_groups=doveshared, so only Dovecot processes have such extra access.
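
An added example (not part of the original thread and not Dovecot code): a small audit for the layout discussed above. It flags mail directories that still grant access to "others" (the 0777 case), group access through a group other than the shared one, and any accounts listed as members of the shared group. The sample tree, the names alice, bob and carol, and the use of the temp directory's gid as a stand-in for doveshared are constructed for the demo.

```python
import os
import stat
import tempfile

def audit(root, shared_gid, group_members=()):
    """Return sorted (item, issue) findings for a mail tree."""
    findings = []
    # Per the reply above, the shared group should need no account members:
    # only the Dovecot processes are meant to hold it.
    for user in group_members:
        findings.append((user, "account is a member of the shared group"))
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink permission bits are not meaningful
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            if mode & 0o007:
                findings.append((rel, "accessible to others (%04o)" % mode))
            elif mode & 0o070 and st.st_gid != shared_gid:
                findings.append((rel, "group access via gid %d" % st.st_gid))
    return sorted(findings)

def build_sample():
    """Constructed sample: private homes, one 0770 folder, one 0777 folder."""
    root = tempfile.mkdtemp(prefix="maildirs-")
    for rel, mode in (("alice", 0o700), ("alice/.Shared", 0o770),
                      ("bob", 0o700), ("bob/.Team", 0o777)):
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    return root

if __name__ == "__main__":
    root = build_sample()
    gid = os.stat(root).st_gid  # assumption: stands in for the doveshared gid
    for item, issue in audit(root, gid, group_members=["carol"]):
        print(item, "-", issue)
```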