[Dovecot] IMAP ACLs and global ACLs in v1.2

Timo Sirainen tss at iki.fi
Sun Nov 16 06:13:37 EET 2008

On Nov 16, 2008, at 5:09 AM, Timo Sirainen wrote:

> Any thoughts?

1. How to handle "anyone" and "authenticated"? It might be nice to let  
users share mailboxes, but if they'll start spamming their mailboxes  
visible to everyone it'll get really annoying and fast. So I'm  
thinking about a setting:

acl_anyone = allow : Let them do what they intended to do. Admins  
could have this setting set.

acl_anyone = disallow : Don't allow user to add any ACLs with them.  
Fail with NO if tried.

acl_anyone = domain : Treat them as alias for user=@domain which  
matches all users from the user's domain (user=@domain matching not  
implemented yet).

The default would probably be "disallow".

2. There probably need to be some limits to how many different users  
and groups can be used by ACLs and perhaps a limit to how many ACLs in  
general each mailbox can have. The latter limit could be configurable,  
defaulting to 100 maybe?

The former then would require tracking the users and groups somehow.  
Actually the reason why I'm even thinking about it is because of  
mailbox listing. I was planning on storing to a dict sharing_user/ 
acl_user and sharing_user/acl_group keys for each (non-negative) ACL  
in user's mailboxes. So to prevent user from spamming the dict full  
there would have to be some kind of a limit for this. Again perhaps  
100 as the default. The current value could always be read by  
iterating through sharing_user/* in dict and counting how many entries  
there are.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20081116/e6636aa5/attachment.bin 

More information about the dovecot mailing list