[Dovecot] Suggested patch: retain user's group privileges after logging into IMAP

Lior Okman lior.okman at gmail.com
Sat Mar 11 18:22:00 EET 2006


Hi,

I'm attaching a suggested patch that lets an authenticated user access
shared IMAP folders even if the user doesn't directly own the storage,
but is a part of a group that has permissions on the storage.

This allows for the administrator to set up a shared mailbox with
permissions given to a group instead of a user, and allow all of the
users that belong to the group to access the mail according to the
file-system permissions.

What do you think? Is this the right way to do this, or am I missing
something security-wise?

I'm also attaching a bug fix for the LDAP passdb, where if the
password scheme wasn't PLAIN, the password would be cleared from
memory before being used to authenticate the user, and the
authentication would fail.

Regards,
Lior
-------------- next part --------------
A non-text attachment was scrubbed...
Name: passdb-ldap.patch
Type: text/x-patch
Size: 613 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20060311/08c0607e/passdb-ldap.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: retain-groups-permissions.patch
Type: text/x-patch
Size: 824 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20060311/08c0607e/retain-groups-permissions.bin
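
The group-retention idea described in the message, as an added example (not the scrubbed patch and not Dovecot's code): a root-started process switches to the authenticated user, keeps only that user's own supplementary groups, and verifies that nothing inherited from root survives. It assumes Linux/glibc; groups_within() and drop_to_user() are hypothetical names.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose initgroups()/getgrouplist() */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* 1 if every gid in have[] is `primary` or appears in allowed[]. */
int groups_within(const gid_t *have, int nhave, gid_t primary,
                  const gid_t *allowed, int nallowed)
{
    for (int i = 0; i < nhave; i++) {
        int ok = (have[i] == primary);
        for (int j = 0; j < nallowed && !ok; j++)
            ok = (have[i] == allowed[j]);
        if (!ok)
            return 0;
    }
    return 1;
}

/* Drop from root to `user`, keeping only that user's groups. 0 = success. */
int drop_to_user(const char *user)
{
    struct passwd *pw = getpwnam(user);
    gid_t want[64], have[64];
    int nwant = 64, nhave;

    if (pw == NULL || pw->pw_uid == 0)
        return -1;
    if (getgrouplist(user, pw->pw_gid, want, &nwant) < 0)
        return -1;
    /* Order matters: groups, then gid, then uid; after setuid() the group
     * list is frozen. initgroups() replaces root's supplementary groups. */
    if (initgroups(user, pw->pw_gid) != 0 ||
        setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    /* Verify: root cannot be regained and no inherited group survived. */
    nhave = getgroups(64, have);
    if (setuid(0) == 0 || nhave < 0)
        return -1;
    return groups_within(have, nhave, pw->pw_gid, want, nwant) ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 2 || drop_to_user(argv[1]) != 0)
        return 1;
    printf("now uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Any failed step returns -1 and the caller should exit rather than continue with a partly changed identity.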

