Hi all,
I'm trying to replace the "Public Folders" functionality in Exchange server. At first I thought it'd be something easily do-able with an IMAP server so I immediately thought of Dovecot. I set up what I thought would work and things started to go a little screwy with subscription settings and the like.
I started off by making a public maildir folder (in /home/public/Maildir) and setting the namespaces up in /usr/local/etc/dovecot.conf like this:
    namespace private {
      separator = /
      prefix = INBOX/
      location = maildir:%h/Maildir
      inbox = yes
    }
    namespace public {
      separator = /
      prefix = Public/
      location = maildir:/home/public/Maildir
      inbox = no
      hidden = no
    }
The folder /home/public/Maildir has owner root:users and mode 770, and the file dovecot-shared in there has the same owner and mode 660.
I logged in with Thunderbird as user 1 and everything seems to work fine. However, when I logged in as user 2 I was getting all kinds of errors. On checking the permissions of /home/public/Maildir/subscriptions it was user1:user1 with mode 600.
So then I thought "well, I'll change it to user1:users 660 and then everyone should be able to change it". I was very wrong. Whenever someone changed it, the ownership changed to userx:userx 600. Even when I tried setting the ownership to root:users and mode to 640, anyone could change it and set it to their own name (thus preventing anyone else from using it).
To be perfectly honest, I'd ideally like to give people separate subscription settings anyway. I thought about symlinking the folders in, but that makes it a manual process to add new folders to everyone's maildirs.
Can anyone please give me any pointers?
Many thanks,
Mark Lidstone IT Administrator
BMT Nigel Gee & Associates Ltd Floors 1-3, Building 14, Shamrock Quay, William Street, Southampton SO14 5QL UK
Tel: 023 8022 6655 Fax: 023 8022 8855
Visit Our Website: <http://www.ngal.co.uk>
Mark Lidstone wrote:
> Hi all,
> I logged in with Thunderbird as user 1 and everything seems to work fine. However, when I logged in as user 2 I was getting all kinds of errors. On checking the permissions of /home/public/Maildir/subscriptions it was user1:user1 with mode 600.
Just a thought, but have you tried setting the INDEX location in the default_mail_env? I'm not certain, but I believe the subscriptions file is included in the INDEX set, and by setting its location elsewhere, you would prevent it from being inside the Maildir. This would prevent ownership hijacking, AND let everyone have their own subscriptions.
I'm not certain of this, so either someone else can fill in the details, or you could check the source (and please report your findings:)
> To be perfectly honest, I'd ideally like to give people separate subscription settings anyway. I thought about symlinking the folders in, but that makes it a manual process to add new folders to everyone's maildirs.
Of course, I'm assuming you've read the Wiki (it looks like you have...)
-- Curtis Maloney cmaloney@cardgate.net
On Fri, 2006-03-17 at 16:03 +0000, Mark Lidstone wrote:
> I logged in with Thunderbird as user 1 and everything seems to work fine. However, when I logged in as user 2 I was getting all kinds of errors. On checking the permissions of /home/public/Maildir/subscriptions it was user1:user1 with mode 600.
Looks like at some point I've thought about adding "subscriptions" setting to namespaces where you could configure if each one should have separate ones. For public/shared namespaces I guess this should default to "no".
Unfortunately I don't think it's easy to currently make namespace's subscriptions exist in another namespace. I'll add this in TODO, but you could maybe kludge around this by changing the code, e.g. set umask to 0 before file_dotlock_open() in src/lib-storage/subscription-file/subscription-file.c and back to original value afterwards.
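Added example, not part of the thread and not Dovecot source: a stand-alone C model of a lock-file-then-rename update, showing why a chmod on the shared subscriptions file does not survive the next client's write and how the umask or an explicit fchmod() decides the resulting mode. The function name replace_file, the ".lock" suffix, the sample entry and the create modes are assumptions made for the illustration.

```c
/* Added illustration, not Dovecot source: models a lock-file-then-rename update. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Rewrite `path` by creating "<path>.lock" with `create_mode` under umask
 * `mask`, then renaming it over the target. The rename installs a new inode
 * owned by the writing user, so the old file's owner and mode are discarded.
 * A non-zero `force_mode` is applied with fchmod(), which ignores the umask.
 * Returns the resulting permission bits, or -1 on error. */
static int replace_file(const char *path, mode_t create_mode, mode_t mask, mode_t force_mode)
{
    char tmp[4096];
    struct stat st;
    mode_t old_mask;
    int fd, ok;
    if (snprintf(tmp, sizeof(tmp), "%s.lock", path) >= (int)sizeof(tmp))
        return -1;
    old_mask = umask(mask);
    fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, create_mode);
    umask(old_mask);                      /* restore right after the create */
    if (fd < 0)
        return -1;
    /* "Public/Projects" is a constructed sample subscription entry. */
    ok = write(fd, "Public/Projects\n", 16) == 16 &&
         (force_mode == 0 || fchmod(fd, force_mode) == 0);
    ok = (close(fd) == 0) && ok;
    if (!ok || rename(tmp, path) < 0 || stat(path, &st) < 0) {
        unlink(tmp);
        return -1;
    }
    return (int)(st.st_mode & 0777);
}

int main(void)
{
    char dir[] = "/tmp/subs-demo-XXXXXX", path[64];
    if (mkdtemp(dir) == NULL)
        return 1;
    snprintf(path, sizeof(path), "%s/subscriptions", dir);
    replace_file(path, 0660, 0, 0);       /* admin leaves the file at 0660 */
    printf("umask 077:     %04o\n", (unsigned)replace_file(path, 0666, 077, 0));
    printf("umask 0:       %04o\n", (unsigned)replace_file(path, 0660, 0, 0));
    printf("fchmod(0660):  %04o\n", (unsigned)replace_file(path, 0666, 077, 0660));
    unlink(path);
    return rmdir(dir) != 0;
}
```

Changing the umask affects every file the process creates until it is restored, while fchmod() on the descriptor is scoped to the one file being replaced.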