On Wed 28 Nov 2012 11:01:23 AM GMT, Timo Sirainen wrote:
On 28.11.2012, at 10.57, Jost Krieger wrote:
I think it would be possible. I already added some code for that, but apparently it wasn't enough and I stopped because it's a pretty low priority issue.. Anyway, I think the code changes would be pretty easy to do. So start finding the problematic parts and fixing them and sending me patches. :)
Will try, but don't hold your breath :-)
Our currents solution (in test) is a quick and dirty patch to introduce inheritance to the ACLs by walking up the directory tree, so we need only one ACL.
For a long time I've wanted a "default acl" file that applies to the whole namespace. Never got around to implementing that either.
We'll at least post the patch.
Anyway, ACLs don't help when the reading code itself decides to write to indexes (which it does).
That's not so important for us, we don't want to protect the snapshot from dovecot, but from user stupidity^Wintervention, like: "But I need that mails, that I moved over yesterday from the snapshot and that are gone now, again."
Yours Jost Krieger
| Jost.Krieger+sig@ruhr-uni-bochum.de Please help stamp out spam! | | Postmaster, JAPH, resident answer machine at RUB Comp. Center | | Sincere words are not sweet, sweet words are not sincere. | | Lao Tse, Tao Te King 81 |