On 22.3.2007, at 12.33, Mike Brudenell wrote:
> Q1. Are there plans to add support for ACLs in the future, along
> with an end-user accessible means of setting these up and manipulating
> them?
Sure, in the future. :)
> We are using filestore quotas for the Maildirs, so at present a
> user's Maildir directories and files are owned by their username
> (UNIX uid) and group (UNIX gid).
Just a reminder that control files can be problematic. http://wiki.dovecot.org/Quota/FS
> So looking to the future, I'm therefore thinking that instead of
> having each user's Maildir directories and files owned by their
> UNIX uid and gid I should instead have them owned by their UNIX uid
> and a common-to-everyone UNIX gid. Eg,
>
> drwxrwx--- user1:mail directoryname
> -rw-rw---- user1:mail filename
> I realise there is an element of risk here, as we would be relying
> on Dovecot's security to limit access so that only authorised users
> can access a given person's mailbox.
>
> Is this the right approach to adopt? Or is there a better way of
> (one day) enabling Person A to share their mailbox to Person B but
> not Person C?
I was thinking that the ACL plugin could some day be able to
automatically figure out what would be the group containing the
minimum set of users who can access the mailbox. If everything else
fails, then use the "mail" group or something which contains everyone.
> (We need a solution that is general and based on ACLs, not one that
> relies on our creating custom UNIX groups and assigning people's
> usernames to these.)
If you don't want to create any kind of groups (like "administrative
people", "students", etc.) then I guess the mail group is the only
possibility. But don't give the users direct access to the mail
group, just set Dovecot's mail_extra_groups = mail setting.
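The layout discussed above (directories rwxrwx--- and files rw-rw----, owned by the user's uid and a shared group such as "mail", with no access for "others") is the kind of thing worth checking mechanically, since one world-readable file under a Maildir defeats the whole scheme. The following POSIX shell script is an added example, not code from the thread or from the Dovecot project: maildir_apply puts an existing Maildir tree into that layout, and maildir_audit reports every entry that still has an "others" permission bit set or is not owned by the expected group. The function names, the sample Maildir and the use of the caller's own primary group instead of "mail" are assumptions made here so the script runs without root.

```shell
#!/bin/sh
# Added example (not from the thread): enforce and audit the
# "owner uid + shared group" Maildir layout described above.
#
#   directories: rwxrwx--- user:<shared group>   (0770)
#   files:       rw-rw---- user:<shared group>   (0660)
#
# Access for "others" must be absent everywhere, because with this
# layout only Dovecot (running with mail_extra_groups = <shared group>)
# is supposed to reach another user's mailbox.

# maildir_apply DIR GROUP
# Re-own the tree to GROUP and set 0770 on directories, 0660 on files.
maildir_apply() {
    dir=$1
    grp=$2
    chgrp -R "$grp" "$dir" || return 1
    find "$dir" -type d -exec chmod 0770 {} + || return 1
    find "$dir" ! -type d -exec chmod 0660 {} + || return 1
}

# maildir_audit DIR GROUP
# Print offending paths to stderr and echo the number of violations
# (0 means the tree matches the layout).  A violation is any entry with
# an "others" read/write/execute bit (octal 004/002/001) or any entry
# whose group is not GROUP.
maildir_audit() {
    dir=$1
    grp=$2
    bad=$(find "$dir" \( -perm -004 -o -perm -002 -o -perm -001 \
                       -o ! -group "$grp" \) -print)
    if [ -z "$bad" ]; then
        echo 0
    else
        printf '%s\n' "$bad" >&2
        printf '%s\n' "$bad" | wc -l | tr -d ' '
    fi
}

# Usage (constructed sample tree; "mail" is the shared group from the
# thread, replace it with your own group when testing unprivileged):
#   maildir_apply /var/mail/user1/Maildir mail
#   maildir_audit /var/mail/user1/Maildir mail   # prints 0 when clean
```

Run the audit from cron or a deployment check and treat any non-zero count as a finding; the paths on stderr tell you exactly which file or directory has drifted from the layout.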