[Dovecot] Shared Folders

Timo Sirainen tss at iki.fi
Mon Oct 20 09:25:53 EEST 2003


On Fri, 2003-10-17 at 19:28, D Canfield wrote:
> I was just wondering if any thought has been given to shared folders and
> how they might be implemented yet?

Some, but I've thought of it as mostly a post-1.0 feature.

> The problem with Courier's shared folders is that one person owns the
> folder and while others can see that mailbox, only the owner has write
> access.  This kills most of the utility of shared folders, except for
> use as announcement areas.  

Really? I thought it wanted to set the sticky bit on the directory so that
others could write there and they would "own" their posts.

> As I understand it, the reason Courier does it this way is that it uses
> the underlying unix permissions to control access to the mailbox.  I'm
> thinking that even if dovecot uses the same concept for shared folders,
> it should be possible to allow multiple users to write to the folders if
> filesystem ACL support is used.  At least ext3 and XFS both support
> ACLs, so there is a reasonable amount of support for them, and they
> would allow dovecot to give multiple users write access to the folders
> without having to manage its own security system.  The only issue would
> be that the delivery agent would have to make sure that the ACLs for a
> folder are kept consistent... I'm not even sure dovecot has to be
> ACL-aware.

Filesystem ACLs should work just fine at least with the CVS code base. The
only problem is that currently everyone's message flags would be shared
as well. There would be two ways to allow private flags:

a) Do it like Courier with symlinking. Kind of ugly and some complain
about it taking too many inodes.

b) Ignore maildir file flags and just use the flags in index files.
Somewhat easier to get corrupted.

b) would probably be quite easy to do. You'd just have to figure out
somehow that the mailbox is shared (eg. some empty dovecot-shared file)
and then you'd just add a few checks to the code so that Dovecot wouldn't
try to sync maildir flags.

Also I'm not sure how you'd set what permissions new mails would get.
group+r or group+rw? Maybe take from the directory's mode?

Hmmm.. Is it really that easy? ACL extension itself could be supported
later, but filesystem ACLs (even regular UNIX ones) with flags in index
files would provide an easy and quick way to get shared mailbox support :)
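
A sketch of the marker-file check and the "take from the directory's mode" idea from the message above, as an added example that is not part of the original post and not Dovecot's code. The function names, the 0600 default for private mailboxes and the sample maildir helper are assumptions; `dovecot-shared` is the marker name suggested in the message.

```python
import os
import stat

SHARED_MARKER = "dovecot-shared"  # marker file name suggested in the message


def is_shared(maildir):
    """A mailbox is treated as shared when the empty marker file exists."""
    return os.path.isfile(os.path.join(maildir, SHARED_MARKER))


def new_mail_mode(maildir):
    """Derive the mode for new mail files from the mailbox directory's mode.

    Only read/write bits are inherited (a 0770 directory gives 0660 files);
    execute, setuid/setgid and sticky bits never reach a message file.
    Private mailboxes get owner-only access (assumed default).
    """
    if not is_shared(maildir):
        return 0o600
    dir_mode = stat.S_IMODE(os.stat(maildir).st_mode)
    return dir_mode & 0o666


def deliver(maildir, name, body):
    """Write to tmp/, set the mode explicitly, then rename into new/."""
    mode = new_mail_mode(maildir)
    tmp_path = os.path.join(maildir, "tmp", name)
    # O_EXCL refuses to reuse an existing file; start owner-only.
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.write(fd, body)
        os.fchmod(fd, mode)  # fchmod is not affected by the process umask
    finally:
        os.close(fd)
    new_path = os.path.join(maildir, "new", name)
    os.rename(tmp_path, new_path)
    return new_path


def make_maildir(root, dir_mode, shared):
    """Build a constructed sample maildir for the demonstration."""
    for sub in ("tmp", "new", "cur"):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
    if shared:
        open(os.path.join(root, SHARED_MARKER), "w").close()
    os.chmod(root, dir_mode)
    return root
```

Setting the mode with `fchmod` before the rename means a message never appears in `new/` with wider or narrower access than the directory's mode implies, whatever umask the delivering process runs with.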



