On Thu, 11 Apr 2013 16:35:32 +0300 Timo Sirainen <tss@iki.fi> wrote:
On 11.4.2013, at 16.24, Stephan von Krawczynski <skraw@ithnet.com> wrote:
The MTA can work as it used to, if it can just set a group-read permission to the files. So your read-only user would belong to that read-only-group. I'm not sure how Postfix assigns permissions, but if it can't do that you could switch to Dovecot LDA/LMTP which can set the group correctly.
That is not the problem. I can set any type of permission on the mail file itself. Only it does not help because dovecot nevertheless is able to move the mails around or "delete" them by moving to trash box.
No, the idea was to use two UNIX users:
- the user that owns the mails and has read-write access
- another read-only user that does not own the mails, has only group-read access. Can't do anything at all to the mails.
The directories need to have similar permissions as well (750).
That's about as complicated as patching the MTA to auto-create the acl file, which I did now. I'd say global acls would be a nice coming feature ;-)
-- Regards, Stephan
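
An added example, not part of the thread: a small audit of the two-user layout described above, which flags any directory or file that would let a member of the read-only group move, delete or modify mail. Moving or deleting a message is controlled by write permission on the containing directory, so the directory mode (750) matters as much as the file mode. The function names, the folder names "inbox" and "trash", and the sample tree are assumptions constructed for the illustration.

```python
import os
import stat
import tempfile

def audit_readonly_tree(root):
    """Return sorted (relative_path, problem) pairs for a tree meant to be group-read-only."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        # Rename and unlink are governed by write permission on the directory.
        if mode & stat.S_IWGRP:
            findings.append((rel, "dir-group-writable"))
        need = stat.S_IRGRP | stat.S_IXGRP
        if (mode & need) != need:
            findings.append((rel, "dir-not-group-readable"))
        if mode & stat.S_IRWXO:
            findings.append((rel, "dir-open-to-others"))
        for name in files:
            frel = os.path.normpath(os.path.join(rel, name))
            fmode = stat.S_IMODE(os.lstat(os.path.join(dirpath, name)).st_mode)
            if fmode & stat.S_IWGRP:
                findings.append((frel, "file-group-writable"))
            if not fmode & stat.S_IRGRP:
                findings.append((frel, "file-not-group-readable"))
            if fmode & stat.S_IRWXO:
                findings.append((frel, "file-open-to-others"))
    return sorted(findings)

def make_constructed_tree():
    """Build a constructed sample tree: one correct folder, one misconfigured folder."""
    root = tempfile.mkdtemp()
    layout = {"inbox": (0o750, 0o640), "trash": (0o770, 0o660)}
    for folder, (dmode, fmode) in layout.items():
        path = os.path.join(root, folder)
        os.mkdir(path)
        msg = os.path.join(path, "msg1")
        with open(msg, "w") as fh:
            fh.write("constructed sample message\n")
        os.chmod(msg, fmode)
        os.chmod(path, dmode)
    os.chmod(root, 0o750)
    return root

if __name__ == "__main__":
    for path, problem in audit_readonly_tree(make_constructed_tree()):
        print(f"{path}: {problem}")
```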