I was just wondering if any thought has been given to shared folders and how they might be implemented yet? True shared folders are compelling enough to our organization that I've been looking into moving to Cyrus from Courier, but transparent folder migration looks to be nearly impossible for more than a handful of accounts... so that leaves me back at hoping courier or dovecot can eventually do what we want. We have a lot of organizations on campus that have a generic mail address such as "maintenance" of "physics." We don't like the idea of shared accounts (invariably either the mailbox gets forgotten about when a secretary changes, the password gets lost, or everyone on campus ends up with the password), so our policies require such generic accounts to be forwarded to a folder in a "real person's" account. This works well for us, but the users are clamoring for the ability to have more than one person access those folders. The problem with Courier's shared folders is that one person owns the folder and while others can see that mailbox, only the owner has write access. This kills most of the utility of shared folders, except for use as announcement areas. As I understand it, the reason Courier does it this way is that it uses the underlying unix permissions to control access to the mailbox. I'm thinking that even if dovecot uses the same concept for shared folders, it should be possible to allow multiple users to write to the folders if filesystem ACL support is used. At least ext3 and XFS both support ACL's, so there is a reasonable amount of support for them, and they would allow dovecot to give multiple users write access to the folders without having to manage it's own security system. The only issue would be that the delivery agent would have to make sure that that ACLs for a folder are kept consistent... I'm not even sure dovecot has to be ACL-aware. Anyway, if there is a completely different plan in the works, that's great too, but I wanted to at least voice an opinion and offer a suggestion of how to make it work. Thanks DC
On Fri, 2003-10-17 at 19:28, D Canfield wrote:> I was just wondering if any thought has been given to shared folders and > how they might be implemented yet?Some, but I've thought of it as mostly post-1.0 feature.> The problem with Courier's shared folders is that one person owns the > folder and while others can see that mailbox, only the owner has write > access. This kills most of the utility of shared folders, except for > use as announcement areas.Really? I thought it wanted to set sticky bit to the directory so that others could write there and they would "own" their posts.> As I understand it, the reason Courier does it this way is that it uses > the underlying unix permissions to control access to the mailbox. I'm > thinking that even if dovecot uses the same concept for shared folders, > it should be possible to allow multiple users to write to the folders if > filesystem ACL support is used. At least ext3 and XFS both support > ACL's, so there is a reasonable amount of support for them, and they > would allow dovecot to give multiple users write access to the folders > without having to manage it's own security system. The only issue would > be that the delivery agent would have to make sure that that ACLs for a > folder are kept consistent... I'm not even sure dovecot has to be > ACL-aware.Filesystem ACLs should work just fine at least with CVS code base. The only problem is that currently everyone's message flags would be shared as well. There would be two ways to allow private flags: a) Do it like Courier with symlinking. Kind of ugly and some complain about it taking too much inodes. b) Ignore maildir file flags and just use the flags in index files. Somewhat more easier to get corrupted. b) would probably be quite easy to do. You'd just have to figure out somehow that the mailbox is shared (eg. some empty dovecot-shared file) and then you'd just add a few checks to code so that Dovecot wouldn't try to sync maildir flags. Also I'm not sure how you'd set what permissions new mails would get. group+r or group+rw? Maybe take from the directory's mode? Hmmm.. Is it really that easy? ACL extension itself could be supported later, but filesystem ACLs (even regular UNIX ones) with flags in index files would provide easy and quick way to get shared mailbox support :)