On Wed, 2010-08-25 at 15:51 +0200, Chris Moules wrote:
I think you could pretty easily add support for a "default ACL file" that is used instead of the internal ACL defaults. I've been planning on doing that at some point anyway. Maybe ~/Maildir/dovecot-acl-default or something.
So, that should be a patch to the current ACL plugin?
Yes.
Any pointers on where to start with that? I only started on Dovecot plugin programming yesterday. The ACL plugin seemed the most complex so I avoided it for 'learning'.
Hmm.. Now that I look at the code, the default ACL handling is a bit strange and I guess it needs some rethinking. But, I think for your purpose you can do it very easily. acl-backend.c contains:
static const char *const owner_mailbox_rights[] = { ..
Simply change that list to what rights you want to have (probably LOOKUP, READ).
The plugin forces the MAILBOX_OPEN_READONLY flag in a mailbox_open() call.
Yeah .. this flag isn't enforced much really.. I think I should just remove it.
Well, that explains why it seemed to work, but not really. An alternative to removing it could be to enforce it...
The reason why I didn't want to do that was because it wasn't entirely clear what operations should be readonly and what shouldn't. For example, originally I was using READONLY whenever a mailbox was opened with IMAP's EXAMINE command instead of the SELECT command. But it's still valid to save a new message via the APPEND command, because it doesn't care about what mailbox is selected at the time. But Dovecot optimized this so that it used the existing EXAMINEd readonly mailbox, which then failed saving. Another possible fix would have been to simply open the same mailbox again as readwrite, but that wasted CPU, memory and maybe disk I/O..