[dovecot] Re: shared folders?

Moe Wibble eskimoe at ananzi.co.za
Fri Apr 25 20:06:17 EEST 2003 

On Fri, Apr 25, 2003 at 04:39:51PM +0300, Timo Sirainen wrote:
> On Fri, 2003-04-25 at 14:37, Moe Wibble wrote:
> > > > If so, can't you just symlink any maildir dir to .SharedFolder in a users dir?
> > > 
> > > Well, you could.. If you did it manually, set up permissions correctly
> > > and preferrably didn't use shared index files (not so secure). That
> > > would also mean that message flags were shared between users.
> > 
> > Oh, really now?
> > Last time I tried (some versions ago) this didn't work out.
> > 
> > I can't exactly remember what the problem was, though.
> > Maybe I'll give it one more shot today.
> 
> Well, I can't now think of why it wouldn't work :) At least as
> read-write, read-only wouldn't work now.

Ah yes, I think that was the point where it failed when I tried.
Very unfornationate because ro-access for some users to shared folders 
where others can write is a must for us.

> > What negative side effects could sharing the index have?
> 
> If user can directly modify it, he could at least make Dovecot display
> wrong data about the mails, hide mails or possibly cause a buffer
> overflow.

Okay, doesn't sound so healthy. ;)

> > Is there a way to safely disable the index only for the shared folders?
> 
> Easiest would be to specify different index location so it won't follow
> symlink to the shared directory, eg.:
> 
> default_mail_env = maildir:~/Maildir:INDEX=~/Maildir/indexes/

That is my setup anyways.
I remember now; shared folders kind of worked up to the point where I tried
to restrict write access for single users through unix (group-)permissions.
I think users without write-privileges couldn't even SELECT the folder.

Well, anyways.
I'm really looking forward to "completed" sf-support in dovecot.
As said, it's the one missing feature that still forces us to
stick with cyrus. 

I say "completed sf-support" because I figure that what
can be done with symlinks now is already half of what we need.
The method of having a separate Maildir (that doesn't need to belong
to any dovecot user) and symlinking the folders that a user may
see into his/her Maildir actually feels much better to me than
most other approaches that I have come across. So if we can agree on
that being an acceptable way of dealing w/ shared folders then
all that's left to add would be: access control.

Since simplicity is my friend I'd vote against ACLs or similar
overcomplex bloat for that matter.
Instead I imagine an optional ".ro-users"-textfile in every Maildir.
That file would simply contain a list of (dovecot) login-names that are to be
restricted to r/o-access for that folder.  Everybody else who can see the
folder (= has it or a symlink to it in his/her Md) and is not listed in
".ro-users" would get r/w-permission.

That would allow to assign three levels of permission (n/a, r/o, r/w)
to any user for any shared (or not shared..) folder in an, umm, I'm tempted to
say "almost natural" way.

Ofcourse some may say that they need finer granularity of access control.
Don't listen to them. ;)


Any opinions? :)

regards
-- 
MW

More information about the dovecot mailing list