On 26.11.2010, at 5.49, Timo Sirainen wrote:
Plan #2: Add support for per-user default namespace ACLs. In the mail root directory if "dovecot-default-acl" file exists, it's used as the default ACLs. I'm not entirely sure what should happen if it conflicts with the global ACLs. Probably they both should be simply merged, since both can only be created by an admin. Probably the per-user ACL should be allowed to override the global ACLs.
Oh, a thought: A default ACL is about what ACLs are applied to a mailbox that doesn't yet have any ACL (or copying ACLs to a newly created mailbox on namespace root level). But would it be also useful to have ACLs that are always added on top of existing ACLs for a mailbox, even if it already has some ACLs set for it? Global ACLs already do this, but would it be useful to have also per-namespace "global" ACLs that acted that way? Possibly not.. But how useful would default ACLs be either? Maybe global ACLs with support for wildcards are all that is needed.