On Mon, Mar 22, 2010 at 10:25:45AM +0100, Steffen Kaiser wrote:
> My idea was to put everybody sharing folders and everybody who may access shared folders into the same group "doveshared", then leverage the Unix permissions, so that this group may access the folders. So I do not need to use 0777 everywhere.
So basically, you get to the "single UID virtual users" solution but with GID, right?
Do you mean your maildirs are all in 0770 <user> doveshared? But it still gives too much permission in general... Especially if your users can access their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that?
> Do you use 0777 Unix perm on all Maildirs and mail folders? Is it working reliably when mails are dropped with Deliver and APPEND, and when the MUA creates new (sub-)folders?
Well, it was still a theoretical question. I haven't really tried anything yet. Also, I'm not using deliver (I know I should) but procmail.
But since for me mail_location is not accessible for users by anything else than IMAP, loose permissions may not be such a critical issue...
Besides, I was thinking of creating as many groups (similar in purpose to your doveshared one) as needed to share a mailbox, if and only if I could somehow restrict (politically I mean) the use of shared mailboxes to "privileged" users (for instance a unit chief and his assistant, ...). Not really scalable, I'm afraid, though...
-- Thomas Hummel | Institut Pasteur <hummel@pasteur.fr> | Pôle informatique - systèmes et réseau
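
The following audit is an added example, not part of the original message or of Dovecot: it walks a Maildir tree and flags directories that deviate from the `0770 <user> doveshared` layout discussed above. The function names, the constructed sample tree and the setgid check are assumptions made here; the setgid check reflects that on Linux a new subfolder only inherits the shared group when its parent directory has the setgid bit.

```python
import os
import stat
import tempfile


def audit_maildir(root, shared_gid):
    """Return {directory: [issues]} for every directory under root that
    deviates from mode 0770 with group shared_gid (hypothetical policy)."""
    findings = {}
    for dirpath, _dirnames, _files in os.walk(root):
        st = os.lstat(dirpath)
        mode = stat.S_IMODE(st.st_mode)
        issues = []
        if mode & stat.S_IRWXO:
            # Any "other" bit (e.g. 0777) exposes mail to every local account.
            issues.append("world-accessible")
        if st.st_gid != shared_gid:
            issues.append("wrong-group")
        elif (mode & stat.S_IRWXG) != stat.S_IRWXG:
            # Group members need rwx to read, deliver and create subfolders.
            issues.append("group-lacks-rwx")
        if not mode & stat.S_ISGID:
            # Without setgid, folders created later get the creator's
            # primary group instead of the shared one (Linux semantics).
            issues.append("no-setgid")
        if issues:
            findings[dirpath] = issues
    return findings


def build_sample():
    """Create a constructed Maildir tree with one tight, one loose and one
    owner-only folder; returns the root path."""
    root = tempfile.mkdtemp(prefix="maildir-audit-")
    layout = {".Private": 0o770, ".Shared": 0o777, ".Archive": 0o700}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere
    os.chmod(root, 0o770)
    return root


if __name__ == "__main__":
    sample = build_sample()
    report = audit_maildir(sample, os.stat(sample).st_gid)
    for path, issues in sorted(report.items()):
        print(path, ", ".join(issues))
```
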