[Dovecot] Maildir and Solaris UFS acls
I have a centrally located shared IMAP folder location. We have several maildir folders with different file system permissions. They are for several groups of people who are loosely related for support purposes.
All mail gets delivered to queue1 just fine. The files are group writable by group1. Some of the mail gets moved via IMAP to queue2. Queue2's maildir tree is configured with Solaris UFS ACLs such that any new files are read/write by group1 or group2. If a new file is created within queue2 anywhere, it has the correct permissions.
However, if a message is moved from queue1 to queue2, it retains the permissions that it had within queue1. This is what happens if I use 'mv' within the file system, btw.
Is there any way to configure Dovecot such that if a person moves or copies a message to another IMAP folder, it creates a new file instead of doing a link or mv or whatever? If not, no problem; I was just hoping for an elegant solution to my particular problem. :-)
queue1 - read/write by group1
queue2 - read/write by group1 & group2 through Solaris ACLs
BTW, if any file whatsoever in queue2 is not readable by group2, those in group2 cannot read _anything_ in queue2.
Thanks
Tom Lieuallen
On 12/20/2010 6:42 PM, Tom Lieuallen wrote:
I have a centrally located shared IMAP folder location. We have several maildir folders with different file system permissions. ... Is there any way to configure Dovecot such that if a person moves or copies a message to another IMAP folder, it creates a new file instead of doing a link or mv or whatever?
http://wiki2.dovecot.org/MailLocation/Maildir?highlight=%28maildir_copy_with...
The default for maildir_copy_with_hardlinks is "yes", so you may want to turn it off manually. But I'm not sure you really want to do this. Dovecot ACLs can protect the files from IMAP access, and exporting them via a raw filesystem seems counterproductive to your security goal. Also, performance will suffer.
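An added illustration, not part of the original thread or of Dovecot's code: it shows why a message that is renamed or hard-linked into queue2 keeps queue1's permissions, while a message written as a new file gets its permissions at creation time in the destination. The directory names mirror the thread; the `new_file_mode` parameter is an assumption that stands in for whatever the destination directory's default ACL would grant.

```python
import os
import shutil
import stat
import tempfile


def compare_delivery_methods(src_mode=0o600, new_file_mode=0o660):
    """Return {method: (same_inode_as_source, permission_bits)} for queue2/cur."""
    results = {}
    old_umask = os.umask(0)  # deterministic creation modes for this demo
    root = tempfile.mkdtemp(prefix="maildir-demo-")
    try:
        q1 = os.path.join(root, "queue1", "cur")
        q2 = os.path.join(root, "queue2", "cur")
        os.makedirs(q1)
        os.makedirs(q2)
        for method in ("rename", "hardlink", "copy"):
            src = os.path.join(q1, "msg-" + method)
            fd = os.open(src, os.O_WRONLY | os.O_CREAT | os.O_EXCL, src_mode)
            os.write(fd, b"Subject: constructed test message\n\nbody\n")
            os.close(fd)
            src_ino = os.stat(src).st_ino
            dst = os.path.join(q2, "msg-" + method)
            if method == "rename":
                os.rename(src, dst)   # what 'mv' does within one file system
            elif method == "hardlink":
                os.link(src, dst)     # second name for the same inode
            else:
                # New inode: permissions are decided when the file is created
                # in the destination (new_file_mode is the stand-in here).
                fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL,
                             new_file_mode)
                with open(src, "rb") as fin, os.fdopen(fd, "wb") as fout:
                    shutil.copyfileobj(fin, fout)
            st = os.stat(dst)
            results[method] = (st.st_ino == src_ino, stat.S_IMODE(st.st_mode))
    finally:
        os.umask(old_umask)
        shutil.rmtree(root, ignore_errors=True)
    return results


if __name__ == "__main__":
    for method, (same_inode, mode) in compare_delivery_methods().items():
        print(f"{method:8s} same inode: {same_inode!s:5s} mode: {oct(mode)}")
```

Permissions and ACLs belong to the inode rather than to the directory entry, so only the copy path produces a file that picks up the destination's settings.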
Thank you. I believe I have found a workable solution for now. I am using ACLs within the cur/new/tmp directories of queue1. group2 can't get in the front door of that maildir folder, so those file system ACLs don't hurt anything.
I guess ACLs got me into this mess, so they should get me out of it too. :-)
Thank you
Tom Lieuallen