[Dovecot] Shared maildirs

Charles Marcus CMarcus at Media-Brokers.com
Mon Feb 6 23:17:34 EET 2006


>> 1. 'Seen' flags (I know there are more - but these are the only ones I 
>> need to be able to configure) - I need to be able to set these as 'Per 
>> User', on a per Folder basis. If this option is *not* set on a folder, 
>> then the server should maintain the seen state - any user can change it, 
>> and all will see the new state.
>>
>> It wouldn't matter to me which was the default behavior - ie, if I had 
>> to set seen='per user', or seen='server'.

> This isn't on my paid-to-do list, but I'll probably add support for this
> after ACLs work in general. I'll do it by making Dovecot store the
> per-user-flags into index files only, hope that's good enough..

Sure... as long as it works... :)

So, the initial support will be only for server-side 'blanket' seen/read 
state - when one person marks it as seen, it will show as seen/read by 
everyone else?

>> 2. 'Hide Unreadable' Global flag - if I set it, then users should not 
>> even see shared folders that they don't have at least read-only perms. 
>> Samba does this really well with shares - any folders inside a share are 
>> invisible to users who don't have perms to open them.

> IMAP ACLs have separate "can see" and "can open" flags.

Good - so maybe another question is, which ACL flags will be supported 
with the initial implementation, and roughly how long before full 
support for all IMAP ACLs?

>> 3. ACLs - ability to set user and group ACLs on a per folder (or per 
>> group of folders) basis.

> Yep. Although I'm not exactly sure how groups should be configured for
> users. If users are in /etc/passwd, using /etc/group is probably a good
> idea. But for virtual users then should there be also virtual groups,
> and how are they configured?

Well, ianap, but... shouldn't this simply be left to whatever auth 
mechanism is implemented? I use virtual groups in my setup, so shouldn't 
Dovecot just validate them as it does users now?

>> Do IMAP ACLs support the ability to set whether a user can add new 
>> folders or not (assuming they have read/write perms),

> It has a flag to specify if user can create subfolders for a mailbox.
> Perhaps I could also make it possible to set those flags for a ""
> mailbox, which would control if user can create anything under root.

Sub-folders is enough for me - in fact, I don't want my users to be able 
to create anything willy-nilly - just in the limited playground I give 
them. So as long as that support will be coming, that will make me happy. :)

>> and if they are allowed to, whether the ACLs should propagate to
>> (be inherited by) any new sub-folders or not?

> There's no inheritance specified by the spec. I'm not sure if I should
> bother doing that for Dovecot either. Might get difficult to understand
> how the configuration works. Or maybe I could support wildcards, so
> "box/*" would be possible. But those ACLs couldn't then be modified via
> IMAP ACL extension (or maybe they could be, but they just couldn't be
> listed).

Hmmm... well, according to a draft I found, sub-folders should inherit 
the ACLs of the parent folder:

www3.ietf.org/proceedings/04aug/I-D/draft-ietf-imapext-acl-10.txt

If this is indeed the current spec, it is fine with me. I really have no 
interest in this being 'optional'.

Many thanks, Timo - I am very gratified that you are willing to 
entertain such questions from an obvious non-programmer type.

-- 

Best regards,

Charles
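
The distinctions discussed in this thread (a "can see" right separate from a "can open" right, a right to create subfolders, and a new subfolder taking over its parent's ACL), as an added Python example that is not part of the original message and is not Dovecot code. It assumes the RFC 4314 right letters l, r and k; the MailboxStore class, the "group=" identifier prefix and the sample mailboxes are hypothetical.

```python
# Added example: a toy model of IMAP ACL checks, not Dovecot code.
# Assumed right letters (RFC 4314): l = lookup (mailbox is listed),
# r = read (mailbox can be opened), k = create child mailboxes.
# MailboxStore and the "group=" identifier prefix are hypothetical.

class MailboxStore:
    def __init__(self, sep="/"):
        self.sep = sep
        self.acls = {}  # mailbox -> {identifier: set of right letters}

    def set_acl(self, mailbox, identifier, rights):
        self.acls.setdefault(mailbox, {})[identifier] = set(rights)

    def rights(self, mailbox, user, groups=()):
        """Union of the user's own rights and the rights of each group."""
        acl = self.acls.get(mailbox, {})
        granted = set(acl.get(user, ()))
        for group in groups:
            granted |= acl.get("group=" + group, set())
        return granted

    def list_visible(self, user, groups=()):
        """Hide mailboxes on which the user lacks the lookup right."""
        return sorted(m for m in self.acls
                      if "l" in self.rights(m, user, groups))

    def can_open(self, mailbox, user, groups=()):
        return "r" in self.rights(mailbox, user, groups)

    def create_child(self, parent, name, user, groups=()):
        """Create parent/name; requires 'k' on the parent."""
        if "k" not in self.rights(parent, user, groups):
            raise PermissionError(f"{user} may not create under {parent}")
        child = parent + self.sep + name
        if child in self.acls:
            raise FileExistsError(child)
        # Inheritance as a one-time copy of the parent's ACL at creation.
        self.acls[child] = {i: set(r) for i, r in self.acls[parent].items()}
        return child

def build_store():
    """Constructed sample data: two shared folders, one user override."""
    store = MailboxStore()
    store.set_acl("shared/sales", "group=sales", "lrk")
    store.set_acl("shared/hr", "group=hr", "lr")
    store.set_acl("shared/hr", "alice", "l")  # listed, but cannot open
    return store

if __name__ == "__main__":
    s = build_store()
    print(s.list_visible("alice", ["sales"]))
    print(s.create_child("shared/sales", "2006", "alice", ["sales"]))
```

Because the child receives a copy of the parent's ACL at creation time, later changes to the parent do not reach existing subfolders in this model.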

