On Mon, Mar 22, 2010 at 11:51:26AM +0200, Timo Sirainen wrote:
My idea was to put everybody sharing folders and everybody, who may access shared folders, into the same group "doveshared", then leverage the Unix permissions, that this group may access the folders. So I do not need to use 0777 everywhere.
Yes, this is what I originally meant with "it's more difficult for system users".
I get it Timo. But you seem to imply that virtual user setup == single shared UID. In such a setup, isn't it mandatory not to give access to the mailboxes by anything else than IMAP. If so, isn't it quite the same as 0777 with a mail_location outside of user's reach (except through IMAP) ?
You maybe would you rely on filesystem acls to have a finer grain access control ?
-- Thomas Hummel | Institut Pasteur hummel@pasteur.fr | Pôle informatique - systèmes et réseau