[Dovecot] Public Namespace and ACLs with pure virtual users
hi!
i would appreciate some comments on my scenario below:
# from the config
userdb static {
  args = uid=vmail gid=mail home=/vmail/%d/%n
}
namespace public {
  separator = /
  prefix = All/
  location = maildir:/vmail/%d/all/Maildir:CONTROL=~/Maildir/control/all:INDEX=~/Maildir/index/all
  inbox = no
  hidden = no
}
namespace private {
  separator = /
  prefix =
  location = maildir:~/Maildir
  inbox = yes
  hidden = no
}
# end config
the public namespace is also the maildir of the user "all@mydomain".
a sieve script is dropping mail for all@mydomain to the appropriate
maildir within this maildir/namespace (e.g. .Support/)
first of all: this works to some point but is such a configuration
valid? can a public namespace be the maildir of a user?
if a new mail for all@mydomain comes in, all subscribed users (of
this domain) can view it and it is marked as /Seen individually.
the important feature to me: the /Seen flags are managed per user as
configured in the public namespace
now the problem:
the whole mail system runs with one uid/gid and virtual users, which
has the effect that some user can delete mails in the public
namespace or drop mails into it, create folders etc. this is not
wanted. i wanted a read-only public namespace. so i decided to use
acls. as namespace prefixes are ignored i needed to create them
globally. my first try was:
/etc/dovecot/acls/Support:
owner lrwstiekxa authenticated lr
which led to the result that other users than all@mydomain cannot
manipulate the public namespace at all, including setting their /Seen
flag. that was the first surprise to me as i thought this flag would
be managed separately in the users' homes.
after a (very short) thought i came to this (allow setting the /Seen
flag for others):
owner lrwstiekxa authenticated lrs
which led to another unexpected result: the /Seen flag is now set
globally. if one user marks a mail /Seen, it is /Seen for all other
users too.
where is the problem? except for the iso/osi layer 8 problem i am
aware of...
marc
On Wed, 2007-05-23 at 17:30 +0200, Marc Delling wrote:
> first of all: this works to some point but is such a configuration
> valid? can a public namespace be the maildir of a user?
Yes.
> now the problem: the whole mail system runs with one uid/gid and virtual users, which
> has the effect that some user can delete mails in the public
> namespace or drop mails into it, create folders etc. this is not
> wanted. i wanted a read-only public namespace. so i decided to use
> acls. as namespace prefixes are ignored i needed to create them
> globally.
That's exactly the reason why I think you shouldn't use global ACLs. You could instead create dovecot-acl file to the maildir itself.
> /etc/dovecot/acls/Support:
> owner lrwstiekxa authenticated lr
> which led to the result that other users than all@mydomain cannot
> manipulate the public namespace at all, including setting their /Seen
> flag. that was the first surprise to me as i thought this flag would
> be managed separately in the users' homes.
Well, yes, but you're explicitly telling the ACL plugin to prevent even that.
> after a (very short) thought i came to this (allow setting the /Seen
> flag for others):
> owner lrwstiekxa authenticated lrs
> which led to another unexpected result: the /Seen flag is now set
> globally. if one user marks a mail /Seen, it is /Seen for all other
> users too.
ACL plugin shouldn't have anything to do with that decision. The \Seen flag is stored privately if you have created dovecot-shared file to the maildir. There isn't yet support for separate shared and private flags (and I'm not sure if there ever will be).
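To make the two ACL attempts above concrete, here is an added example (not Dovecot's code, and not from anyone in this thread) that parses dovecot-acl style entries and reports which mailbox operations a given user ends up with. It assumes Dovecot's single-letter rights (l lookup, r read, w write other flags, s write-seen, t write-deleted, i insert, p post, e expunge, k create, x delete, a admin), the identifiers owner/anyone/authenticated/user=/group=, and a simplified merge rule (union of matching positive entries minus union of matching negative entries); the ACL texts and the user names are constructed. It shows why "authenticated lr" blocks a reader from setting \Seen while "authenticated lrs" allows it, and that neither grants expunge or mailbox deletion to non-owners:

```python
"""Evaluate Dovecot-style ACL entries for a user and mailbox operation.

Added example; not Dovecot's own implementation.

Assumptions (not taken from the thread):
  * Right letters follow Dovecot's ACL letters: l lookup, r read, w write
    (flags other than \\Seen/\\Deleted), s write-seen, t write-deleted,
    i insert, p post, e expunge, k create, x delete, a admin.
  * Identifiers handled: owner, anyone, authenticated, user=NAME, group=NAME.
  * Merge rule: union of rights from all matching positive entries, minus
    the union of rights from all matching negative ("-" prefixed) entries.
    This is a simplification of Dovecot's real evaluation.
"""
from dataclasses import dataclass, field

RIGHT_NAMES = {
    "l": "lookup", "r": "read", "w": "write", "s": "write-seen",
    "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
    "k": "create", "x": "delete", "a": "admin",
}

# Operation -> the single right letter it needs (assumed mapping).
OPERATIONS = {
    "list": "l", "open": "r", "set_seen": "s", "set_deleted": "t",
    "set_other_flag": "w", "copy_in": "i", "expunge": "e",
    "create_child": "k", "delete_mailbox": "x",
}


@dataclass
class Principal:
    name: str
    groups: set = field(default_factory=set)
    authenticated: bool = True


@dataclass
class AclEntry:
    identifier: str
    rights: set
    negative: bool = False


def parse_acl(text: str) -> list:
    """Parse one 'identifier rights' entry per line; '#' starts a comment."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ident, _, rights = line.partition(" ")
        negative = ident.startswith("-")
        if negative:
            ident = ident[1:]
        letters = set(rights.replace(" ", ""))
        unknown = letters - set(RIGHT_NAMES)
        if unknown:
            raise ValueError(f"unknown right(s) {sorted(unknown)} in: {raw!r}")
        entries.append(AclEntry(ident, letters, negative))
    return entries


def matches(ident: str, who: Principal, owner: str) -> bool:
    """Does an ACL identifier apply to this principal for a mailbox owned by `owner`?"""
    if ident == "anyone":
        return True
    if ident == "authenticated":
        return who.authenticated
    if ident == "owner":
        return who.name == owner
    if ident.startswith("user="):
        return who.name == ident[len("user="):]
    if ident.startswith("group="):
        return ident[len("group="):] in who.groups
    return False


def effective_rights(entries, who: Principal, owner: str) -> set:
    granted, revoked = set(), set()
    for e in entries:
        if matches(e.identifier, who, owner):
            (revoked if e.negative else granted).update(e.rights)
    return granted - revoked


def allowed(entries, who: Principal, owner: str, operation: str) -> bool:
    return OPERATIONS[operation] in effective_rights(entries, who, owner)


# Constructed ACL texts mirroring the two attempts from the thread.
ACL_FIRST = "owner lrwstiekxa\nauthenticated lr\n"
ACL_SECOND = "owner lrwstiekxa\nauthenticated lrs\n"


def check_attempts() -> dict:
    """Compare what a non-owner reader and the owner may do under each ACL."""
    owner = "all@mydomain"            # constructed owner of the public maildir
    reader = Principal("bob@mydomain")  # constructed ordinary user
    first, second = parse_acl(ACL_FIRST), parse_acl(ACL_SECOND)
    return {
        "first_set_seen": allowed(first, reader, owner, "set_seen"),
        "second_set_seen": allowed(second, reader, owner, "set_seen"),
        "second_delete": allowed(second, reader, owner, "delete_mailbox"),
        "second_expunge": allowed(second, reader, owner, "expunge"),
        "owner_expunge": allowed(second, Principal(owner), owner, "expunge"),
    }


if __name__ == "__main__":
    for name, ok in check_attempts().items():
        print(f"{name}: {ok}")
```

Whether the \Seen flag then lands in the user's own index or in the shared maildir is a separate question from the ACL, which is the point of the reply above: the `s` right only decides whether the flag change is permitted, while the presence of a dovecot-shared file decides where it is stored.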
On Mon, Jun 04, 2007 at 04:28:56AM +0300, Timo Sirainen wrote:
> ACL plugin shouldn't have anything to do with that decision. The \Seen flag is stored privately if you have created dovecot-shared file to the maildir.
Is it possible to have dovecot enforce the file mode and group owner of inserted mails without causing flags to be stored privately? It's looking like I will have to use a cron job to fix file permissions on mails added to shared mail folders by imap clients. I'd be willing to implement a local permanent patch but I haven't looked into how easy it would be yet because I did not (until now) realize that this behavior was intended.
On Sun, 2007-06-03 at 22:26 -0400, Adam McDougall wrote:
> On Mon, Jun 04, 2007 at 04:28:56AM +0300, Timo Sirainen wrote:
> > ACL plugin shouldn't have anything to do with that decision. The \Seen flag is stored privately if you have created dovecot-shared file to the maildir.
> Is it possible to have dovecot enforce the file mode and group owner of inserted mails without causing flags to be stored privately? It's looking like I will have to use a cron job to fix file permissions on mails added to shared mail folders by imap clients. I'd be willing to implement a local permanent patch but I haven't looked into how easy it would be yet because I did not (until now) realize that this behavior was intended.
src/lib-storage/index/maildir/maildir-storage.c around line 539:
mbox->private_flags_mask = MAIL_SEEN;
Set that to 0.
On Mon, Jun 04, 2007 at 05:50:01AM +0300, Timo Sirainen wrote:
> On Sun, 2007-06-03 at 22:26 -0400, Adam McDougall wrote:
> > On Mon, Jun 04, 2007 at 04:28:56AM +0300, Timo Sirainen wrote:
> > > ACL plugin shouldn't have anything to do with that decision. The \Seen flag is stored privately if you have created dovecot-shared file to the maildir.
> > Is it possible to have dovecot enforce the file mode and group owner of inserted mails without causing flags to be stored privately? It's looking like I will have to use a cron job to fix file permissions on mails added to shared mail folders by imap clients. I'd be willing to implement a local permanent patch but I haven't looked into how easy it would be yet because I did not (until now) realize that this behavior was intended.
> src/lib-storage/index/maildir/maildir-storage.c around line 539:
> mbox->private_flags_mask = MAIL_SEEN;
> Set that to 0.
Thanks, finally got around to testing it in my environment and it seems to work fine.
On 6/3/2007 Timo Sirainen (tss@iki.fi) wrote:
> ACL plugin shouldn't have anything to do with that decision. The \Seen flag is stored privately if you have created dovecot-shared file to the maildir. There isn't yet support for separate shared and private flags (and I'm not sure if there ever will be).
Yikes!
Or maybe I misunderstood...
I have a real need to have (at least) one shared folder (inbound faxes) with shared \Seen flags - so the 5 people assigned to monitor it will know when someone else has seen/forwarded a new fax - and private \Seen flags on other shared maildirs (like distribution lists, etc)...
Are you saying this may never be possible?
--
Best regards,
Charles
On Mon, 2007-06-04 at 13:53 -0400, Charles Marcus wrote:
> On 6/3/2007 Timo Sirainen (tss@iki.fi) wrote:
> > ACL plugin shouldn't have anything to do with that decision. The \Seen flag is stored privately if you have created dovecot-shared file to the maildir. There isn't yet support for separate shared and private flags (and I'm not sure if there ever will be).
> Yikes!
> Or maybe I misunderstood...
> I have a real need to have (at least) one shared folder (inbound faxes) with shared \Seen flags - so the 5 people assigned to monitor it will know when someone else has seen/forwarded a new fax - and private \Seen flags on other shared maildirs (like distribution lists, etc)...
> Are you saying this may never be possible?
No, not never. I'll probably add private_flags setting to dovecot-shared file or something.
But if you use a single UID for all users you can already do this by not adding dovecot-shared file for mailboxes where you don't want private \Seen flags.
> > I have a real need to have (at least) one shared folder (inbound faxes) with shared \Seen flags - so the 5 people assigned to monitor it will know when someone else has seen/forwarded a new fax - and private \Seen flags on other shared maildirs (like distribution lists, etc)...
> > Are you saying this may never be possible?
> No, not never. I'll probably add private_flags setting to dovecot-shared file or something.
Ak, ok, gotcha...
> But if you use a single UID for all users you can already do this by not adding dovecot-shared file for mailboxes where you don't want private \Seen flags.
Gak! I can't believe I missed that... thanks!
--
Best regards,
Charles
participants (4): Adam McDougall, Charles Marcus, Marc Delling, Timo Sirainen