[Dovecot] Shared folders plans for the future

Timo Sirainen tss at iki.fi
Wed Oct 25 15:05:04 UTC 2006


On 25.10.2006, at 16.31, Steffen Kaiser wrote:

>> I think the "public folders" configuration will stay as it is now. Does
>> it really even need anything else? The problematic case is how the users
>> can share their mailboxes to other users. There are two problems related
>> to it:
>
>> 1) How to get (quickly) a list of another user's mailboxes that I have
>> access to?
>
> You need this information for "LIST"? Just asking, it would help  
> for large folder structures only, right? Otherwise, it adds yet  
> another redundant stuff, one needs to maintain and probably fix,  
> e.g. run a nightly job to verify the symlinks.

Well, I don't think the symlinks would normally break by themselves?  
Unless you for some reason manually go and delete them, the only  
problem is if a shared maildir is renamed outside Dovecot.

Mailbox listing is anyway done a lot by the clients, so this  
operation needs to be pretty fast. Doing a stat(box/dovecot-acls) for  
each mailbox could get slow if there are a lot of mailboxes.

>> 2) How to get quickly a list of all users who have mailboxes that I have
>> access to?
>
> Why do you need this information?
> Wouldn't it be better to pass this information around via, say, EMail?
> Then a user may SELECT a specific mailbox directly or can LIST a
> specific user.

And how do you select a specific mailbox or list a specific user  
directly with any commonly used IMAP client? You don't, so you'll  
have to show the list of users who have shared mailboxes to you.

> What worries me more is the information in the following two pages:
> http://wiki.dovecot.org/ACL
> http://wiki.dovecot.org/SharedFolders
>
> For virtual users (with just one account for all users) there is no
> problem, but for real users ACLs supersede filesystem permissions.
> Dovecot would need to maintain the "dovecot-shared" files as well
> as mangle the permissions correctly.

Yea, this should be implemented some day as some filesystem-backend.

> When a user shares a mailbox to other users, either all these
> users must belong to one group or Dovecot needs to create a group
> dynamically for them.

Well, I suppose dynamic groups could work, but then you'd have to  
reserve one GID for each different ACL. Probably too much trouble to  
implement..

How many people anyway even need to support users who have shell
access and can share mailboxes to each other? I don't think all that
many.

I think there are just two practical ways to implement this:

1) Let sysadmin define all the groups and people who are in them.  
Allow the filesystem ACL backend to manipulate the file mode and  
group directly.

2) Use one or more groups for shared mailboxes which gives a group of
people access to the mailbox, but the vfile ACL backend is still
doing the exact permission checks. Like there could be just one
"shared-mails" group which is set for all mailboxes that are shared,
but each of them then could contain dovecot-acls file which describes
who it's shared to.
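An added example, not part of the original message and not Dovecot code: with option 2, every member of the shared group who has shell access can reach a shared maildir at the filesystem level, so an administrator may want to audit that each such maildir really carries a dovecot-acls file and that the modes do not undercut it. Assumptions made here: a mailbox is any directory with a `cur` subdirectory, `shared_gid` stands for the "shared-mails" group, the ACL file should be writable by its owner only, and the sample tree is constructed.

```python
import os
import stat
import tempfile

ACL_FILE = "dovecot-acls"            # per-mailbox ACL file named in the message
MAILDIR_PARTS = ("cur", "new", "tmp")

def audit_shared_mailboxes(root, shared_gid):
    """Return sorted (mailbox, problem) pairs for maildirs under root owned by shared_gid."""
    findings = []
    for path, dirs, files in os.walk(root):
        is_mailbox = "cur" in dirs
        dirs[:] = [d for d in dirs if d not in MAILDIR_PARTS]  # skip message dirs
        st = os.lstat(path)
        if not is_mailbox or st.st_gid != shared_gid or not st.st_mode & stat.S_IRWXG:
            continue                  # not reachable through the shared group
        name = os.path.relpath(path, root)
        if st.st_mode & stat.S_IRWXO:
            findings.append((name, "world-accessible: bypasses group and ACL"))
        acl = os.path.join(path, ACL_FILE)
        if ACL_FILE not in files:
            findings.append((name, "group access but no dovecot-acls"))
        elif os.lstat(acl).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "dovecot-acls writable by non-owner"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: mailbox name -> (dir mode, ACL file mode or None)."""
    layout = {"ok": (0o750, 0o640), "noacl": (0o750, None),
              "open": (0o755, 0o640), "wacl": (0o750, 0o660)}
    for name, (dmode, amode) in layout.items():
        box = os.path.join(root, name)
        os.makedirs(os.path.join(box, "cur"))
        if amode is not None:
            acl = os.path.join(box, ACL_FILE)
            open(acl, "w").close()    # empty placeholder; contents are not parsed
            os.chmod(acl, amode)
        os.chmod(box, dmode)
    # GID of the created directories, used as a stand-in for the shared-mails GID
    return os.lstat(os.path.join(root, "ok")).st_gid

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        gid = build_sample(tmp)
        for box, problem in audit_shared_mailboxes(tmp, gid):
            print(f"{box}: {problem}")
```

The audit only looks at ownership and mode bits; it does not parse the ACL file, whose format is not given in this message.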