On Fri, Nov 26, 2010 at 05:49:16AM +0000, Timo Sirainen wrote:
So plan #1: deprecate this usage. If global-acls is a directory, keep using the old method. But the new preferred method would be for it to be a file that contains all of the global ACLs. Typically there should be very few entries, so this should also be more efficient. Also this would allow setting default ACLs for namespaces by using wildcards. For example you could have:
- masteruser +lrw spam spamuser +lr test/* testuser +lr etc.
+1
Would this also allow -w by looking at the example. Should cater for most cases then.
Plan #2: Add support for per-user default namespace ACLs. In the mail root directory if "dovecot-default-acl" file exists, it's used as the default ACLs. I'm not entirely sure what should happen if it conflicts with the global ACLs. Probably they both should be simply merged, since both can only be created by an admin. Probably the per-user ACL should be allowed to override the global ACLs.
+1
I remember the discussions where set around recursion for this feature: e.g. applying to newly created folders/mailboxes. Is this also planned by #2?
Regards Thomas