[Dovecot] Any chance to access read-only mdboxes?

[Timo Sirainen]

On 28.11.2012, at 10.57, Jost Krieger wrote:

> We would like to provide a self-service restore function to our users
> using their IMAP client of choice..
> 
> Our idea was to use a snapshot (under ZFS, btrfs, whatever) and have it
> available to the user in a namespace.
> 
> Unfortunately, but understandably, dovecot doesn't like the mdbox
> structure to be read-only. Is there any chance to change that?

I think it would be possible. I already added some code for that, but apparently it wasn't enough and I stopped because it's a pretty low priority issue.. Anyway, I think the code changes would be pretty easy to do. So start finding the problematic parts and fixing them and sending me patches. :)

> Our next attempt is to use ACLs, but it's a bit hard to gt the ACLs to
> the correct place in the snapshots, at least for thousands of users.
> 
> Our currents solution (in test) is a quick and dirty patch to introduce
> inheritance to the ACLs by walking up the directory tree, so we need
> only one ACL.

For a long time I've wanted a "default acl" file that applies to the whole namespace. Never got around to implementing that either.

Anyway, ACLs don't help when the reading code itself decides to write to indexes (which it does).