On Fri, Apr 25, 2003 at 04:39:51PM +0300, Timo Sirainen wrote:
On Fri, 2003-04-25 at 14:37, Moe Wibble wrote:
If so, can't you just symlink any maildir dir to .SharedFolder in a users dir?
Well, you could.. If you did it manually, set up permissions correctly and preferrably didn't use shared index files (not so secure). That would also mean that message flags were shared between users.
Oh, really now? Last time I tried (some versions ago) this didn't work out.
I can't exactly remember what the problem was, though. Maybe I'll give it one more shot today.
Well, I can't now think of why it wouldn't work :) At least as read-write, read-only wouldn't work now.
Ah yes, I think that was the point where it failed when I tried. Very unfornationate because ro-access for some users to shared folders where others can write is a must for us.
What negative side effects could sharing the index have?
If user can directly modify it, he could at least make Dovecot display wrong data about the mails, hide mails or possibly cause a buffer overflow.
Okay, doesn't sound so healthy. ;)
Is there a way to safely disable the index only for the shared folders?
Easiest would be to specify different index location so it won't follow symlink to the shared directory, eg.:
default_mail_env = maildir:~/Maildir:INDEX=~/Maildir/indexes/
That is my setup anyways. I remember now; shared folders kind of worked up to the point where I tried to restrict write access for single users through unix (group-)permissions. I think users without write-privileges couldn't even SELECT the folder.
Well, anyways. I'm really looking forward to "completed" sf-support in dovecot. As said, it's the one missing feature that still forces us to stick with cyrus.
I say "completed sf-support" because I figure that what can be done with symlinks now is already half of what we need. The method of having a separate Maildir (that doesn't need to belong to any dovecot user) and symlinking the folders that a user may see into his/her Maildir actually feels much better to me than most other approaches that I have come across. So if we can agree on that being an acceptable way of dealing w/ shared folders then all that's left to add would be: access control.
Since simplicity is my friend I'd vote against ACLs or similar overcomplex bloat for that matter. Instead I imagine an optional ".ro-users"-textfile in every Maildir. That file would simply contain a list of (dovecot) login-names that are to be restricted to r/o-access for that folder. Everybody else who can see the folder (= has it or a symlink to it in his/her Md) and is not listed in ".ro-users" would get r/w-permission.
That would allow to assign three levels of permission (n/a, r/o, r/w) to any user for any shared (or not shared..) folder in an, umm, I'm tempted to say "almost natural" way.
Ofcourse some may say that they need finer granularity of access control. Don't listen to them. ;)
Any opinions? :)
regards
MW