[Dovecot] Shared Folders

D Canfield canfield at uindy.edu
Fri Oct 17 19:28:38 EEST 2003 

I was just wondering if any thought has been given to shared folders and
how they might be implemented yet?  True shared folders are compelling
enough to our organization that I've been looking into moving to Cyrus
from Courier, but transparent folder migration looks to be nearly
impossible for more than a handful of accounts... so that leaves me back
at hoping courier or dovecot can eventually do what we want.

We have a lot of organizations on campus that have a generic mail
address such as "maintenance" of "physics."  We don't like the idea of
shared accounts (invariably either the mailbox gets forgotten about when
a secretary changes, the password gets lost, or everyone on campus ends
up with the password), so our policies require such generic accounts to
be forwarded to a folder in a "real person's" account.  This works well
for us, but the users are clamoring for the ability to have more than
one person access those folders.

The problem with Courier's shared folders is that one person owns the
folder and while others can see that mailbox, only the owner has write
access.  This kills most of the utility of shared folders, except for
use as announcement areas.  

As I understand it, the reason Courier does it this way is that it uses
the underlying unix permissions to control access to the mailbox.  I'm
thinking that even if dovecot uses the same concept for shared folders,
it should be possible to allow multiple users to write to the folders if
filesystem ACL support is used.  At least ext3 and XFS both support
ACL's, so there is a reasonable amount of support for them, and they
would allow dovecot to give multiple users write access to the folders
without having to manage it's own security system.  The only issue would
be that the delivery agent would have to make sure that that ACLs for a
folder are kept consistent... I'm not even sure dovecot has to be
ACL-aware.

Anyway, if there is a completely different plan in the works, that's
great too, but I wanted to at least voice an opinion and offer a
suggestion of how to make it work.  

Thanks

DC

More information about the dovecot mailing list