[Dovecot] workaround for shared maildirs

Timo Sirainen tss at iki.fi
Sun Oct 19 12:13:46 EEST 2008


On Sun, 2008-10-19 at 10:10 +0200, Giuliano Gavazzi wrote:
> On S 18 Oct, 2008, at 22:06 , Giuliano Gavazzi wrote:
> [...]
> >
> > namespace public {
> >   separator = .
> >   prefix = INBOX.Public.
> >   inbox = no
> >   location = maildir:/SharedMaildirs/Public:CONTROL=~/Maildir/control/Public:INDEX=~/Maildir/index/Public
> >   hidden = yes
> >   list = yes
> >   subscriptions = yes
> > }
> 
> 
> Tested also with dovecot-1.2.alpha2.
> As for file permission, my dovecot-shared is
> 
>   -rw-------+ 1 dovecot     staff    0 Oct 18 14:58 dovecot-shared

If "dovecot" is also running login processes, it's preferable that it's
not used for anything else. Doesn't really matter here, but the login
processes shouldn't have access to any files anywhere outside their
chroot.

(Wonder if I could rename the dovecot user to something else.. I've
previously also thought about this. dovenone, dovelogin or dovenot
maybe.)

> Now, I have to work out how to limit delete to message owners (and the  
> T flag private) so that only owners or the administrator can delete  
> files.

Dovecot doesn't track message owners, so this probably isn't too easy.
If you use system users then I guess the owner is the file's owner. Then
I can see two possibilities:

a) Modify Dovecot sources to check the owner before allowing delete flag
(or expunge?)

b) chmod +t cur/ directory. But that also disallows all shared flag
changes by non-owner.
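Why option (b) also blocks shared flag changes: Maildir keeps message flags in the filename (the part after `:2,`), so setting the T or S flag is a rename() inside cur/, and a sticky directory restricts rename() and unlink() to the file's owner, the directory's owner, or root. The audit sketch below is an added example, not part of the original post or Dovecot's code; the helper names and the sample filename are constructed, and it assumes ordinary mode bits and ACLs already give the user write access to cur/.

```python
import os
import stat

def with_flag(name, flag):
    """Return the Maildir filename after adding one flag letter (e.g. 'T', 'S')."""
    base, _, flags = name.partition(":2,")
    return base + ":2," + "".join(sorted(set(flags) | {flag}))

def may_rename_or_unlink(uid, dir_st, file_st):
    """Sticky-bit rule only; assumes uid already has write+search on the directory."""
    if not dir_st.st_mode & stat.S_ISVTX:
        return True
    return uid in (0, dir_st.st_uid, file_st.st_uid)

def audit_cur(cur_dir, uid):
    """For each message in cur/, report what the given uid could do to it."""
    dir_st = os.stat(cur_dir)
    sticky = bool(dir_st.st_mode & stat.S_ISVTX)
    report = []
    for name in sorted(os.listdir(cur_dir)):
        file_st = os.lstat(os.path.join(cur_dir, name))
        allowed = may_rename_or_unlink(uid, dir_st, file_st)
        report.append({
            "message": name,
            "owner": file_st.st_uid,
            "sticky": sticky,
            # Flag changes are renames, so they share the fate of deletion.
            "set_deleted": with_flag(name, "T") if allowed else None,
            "set_seen": with_flag(name, "S") if allowed else None,
            "expunge": allowed,  # expunge is an unlink()
        })
    return report

if __name__ == "__main__":
    import tempfile
    cur = os.path.join(tempfile.mkdtemp(), "cur")  # constructed sample maildir
    os.mkdir(cur)
    open(os.path.join(cur, "1224407626.M1P1.host:2,S"), "w").close()
    other_uid = os.getuid() + 1  # hypothetical non-owner, non-root user
    for mode in (0o0777, 0o1777):
        os.chmod(cur, mode)
        for uid in (os.getuid(), other_uid):
            print(oct(mode), uid, audit_cur(cur, uid))
```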