[Dovecot] dovecot-acl file questions
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello,
playing around with Dovecot's v1.2 ACLs I wondered about some things about the dovecot-acl files:
- They are created within the Maildirs, as described in http://wiki.dovecot.org/ACL.
But why? Shouldn't they belong to the CONTROL= directories? So it is more compatible with filesystem quota.
- They have 0666 permissions, but all other files (e.g. when I create a new mailbox) have 0660 permissions.
Are the permissions selected explicitly to allow "a"-right for other (system) users?
- When one removes all rights, the size of the file drops to zero. The wasted space is no great deal; but how much processing is wasted if such file is present? I mean, the log says that the files are opened very regularily. Would it help to remove zero-size files?
Regards,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBSjdoh3WSIuGy1ktrAQKlfQf/X6jxEKTINNwdiFAYq7XEW78Lgjf7FDNc xK3PnT8Opz+4yCiWxDSlUSJPjdc2csTIimR1ZKDn2hUN54jcfJBt6U6bWKPl6rvB Fyycsnx3ONNiYBaqcIoFG4LWGk+QLnXZaVWdCVil2Pn3LotW2Unxe26d51pvt38Q N8dXyyv1yaCpIBzhgFYyn0J7DZxM8HzWUVZNybXGnwm1u13GPf+g7pMlAcF0wNsQ 6gSrFVmu3tzp5FF+3v5rb7GVMAYyLeKeZkzDBOQetuNCkUrUcY3qqYplwKEHvLe5 70e69zh7epGPw9UiSV/FJm+Q/GStz7T7vl7hdoO+WHeJcDhX/IXFBg== =XTLy -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 16 Jun 2009, Steffen Kaiser wrote:
playing around with Dovecot's v1.2 ACLs I wondered about some things about the dovecot-acl files:
- They are created within the Maildirs, as described in http://wiki.dovecot.org/ACL.
But why? Shouldn't they belong to the CONTROL= directories? So it is more compatible with filesystem quota.
- They have 0666 permissions, but all other files (e.g. when I create a new mailbox) have 0660 permissions.
Are the permissions selected explicitly to allow "a"-right for other (system) users?
OK, because of the "a"-right, any user must be potentially able to change the dovecot-acl files, hence, they are neither in the CONTROL directory nor permissions other than 0666. But why has dovecot-acl-list permissions 0660?
It looks like Dovecot first writes a temp file (*.lock), then replaces the dovecot-acl file only, if no over quota happens. There is a problem, if dovecot-acl could be updated, but dovecot-acl-list could not. SETACL succeeds in this case, is this a problem?
Bye,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBSjecKnWSIuGy1ktrAQLQTgf+KcqbDLsVp3D5GBVGlRZamxmZYzietdpT oOYqIupoFkFpM+G//kHCKYBRF2szdpJKxywYeJR4LRTT7pEkW51p+FIRc0B+qAGO XRBX+K1X/JAXHKabA+ruWOWWE0F9bWrB7AqxiW44rGxXP7mTezaDLYTOVG5ojHx3 2su3CAmPX18TSKWy/V98OdPGcd+LxvsotQi1a+5fky47LKZRtVxzxp5ZqTtyRB1g EorY2u+B2dZfYhFjwJoqxtqiHpVjIPBeXxQcOO5Fbg/SHVLL01TrzmqDeMu5DazT 8A63YZc1hWTDhddQUljs5e6tT7Hsfx/0FvZhzEZQfJsCC7EZT3UiiQ== =qXTX -----END PGP SIGNATURE-----
On Tue, 2009-06-16 at 11:40 +0200, Steffen Kaiser wrote:
playing around with Dovecot's v1.2 ACLs I wondered about some things about the dovecot-acl files:
- They are created within the Maildirs, as described in http://wiki.dovecot.org/ACL.
But why? Shouldn't they belong to the CONTROL= directories? So it is more compatible with filesystem quota.
dovecot-acl-list's point is that all users see that file, but in some setups each user has separate control directories.
- They have 0666 permissions, but all other files (e.g. when I create a new mailbox) have 0660 permissions.
I think this was a bug that was fixed by http://hg.dovecot.org/dovecot-1.2/rev/c8bb7c18f17b
- When one removes all rights, the size of the file drops to zero. The wasted space is no great deal; but how much processing is wasted if such file is present? I mean, the log says that the files are opened very regularily. Would it help to remove zero-size files?
Empty dovecot-acl-list file is better for performance. If it didn't exist, Dovecot would rebuild it by going through all mailboxes.
It looks like Dovecot first writes a temp file (*.lock), then replaces the dovecot-acl file only, if no over quota happens. There is a problem, if dovecot-acl could be updated, but dovecot-acl-list could not. SETACL succeeds in this case, is this a problem?
This should help with it: http://hg.dovecot.org/dovecot-1.2/rev/8206c38856ff
participants (2)
-
Steffen Kaiser
-
Timo Sirainen