[Dovecot] IMAP ACLs and global ACLs in v1.2
Timo Sirainen
tss at iki.fi
Sun Nov 16 06:13:37 EET 2008
On Nov 16, 2008, at 5:09 AM, Timo Sirainen wrote:
> Any thoughts?
1. How to handle "anyone" and "authenticated"? It might be nice to let
users share mailboxes, but if they'll start spamming their mailboxes
visible to everyone it'll get really annoying and fast. So I'm
thinking about a setting:
acl_anyone = allow : Let them do what they intended to do. Admins
could have this setting set.
acl_anyone = disallow : Don't allow user to add any ACLs with them.
Fail with NO if tried.
acl_anyone = domain : Treat them as alias for user=@domain which
matches all users from the user's domain (user=@domain matching not
implemented yet).
The default would probably be "disallow".
2. There probably need to be some limits to how many different users
and groups can be used by ACLs and perhaps a limit to how many ACLs in
general each mailbox can have. The latter limit could be configurable,
defaulting to 100 maybe?
The former then would require tracking the users and groups somehow.
Actually the reason why I'm even thinking about it is because of
mailbox listing. I was planning on storing to a dict sharing_user/
acl_user and sharing_user/acl_group keys for each (non-negative) ACL
in user's mailboxes. So to prevent user from spamming the dict full
there would have to be some kind of a limit for this. Again perhaps
100 as the default. The current value could always be read by
iterating through sharing_user/* in dict and counting how many entries
there are.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20081116/e6636aa5/attachment.bin
More information about the dovecot
mailing list