Hi all,
I'm trying to replace the "Public Folders" functionality in
Exchange server. At first I thought it'd be something easily do-able with
an IMAP server so I immediately thought of Dovecot. I set up what I thought would
work and things started to go a little screwy with subscription settings and the
like.
I started off by making a public maildir folder (in /home/public/Maildir) and
setting the namespaces up in /usr/local/etc/dovecot.conf like this:
namespace private {
  separator = /
  prefix = INBOX/
  location = maildir:%h/Maildir
  inbox = yes
}
namespace public {
  separator = /
  prefix = Public/
  location = maildir:/home/public/Maildir
  inbox = no
  hidden = no
}
The folder /home/public/Maildir has owner root:users and mode 770, and the file
dovecot-shared in there has the same owner and mode 660.
I logged with Thunderbird as user 1 and everything seems to work fine. However,
when I logged in as user 2 I was getting all kinds of errors. On checking the
permissions of /home/public/Maildir/subscriptions it was user1:user1 with mode
600.
So then I thought "well, I'll change it to user1:users 660 and then
everyone should be able to change it". I was very wrong. Whenever someone
changed it, the ownership changed to userx:userx 600. Even when I tried setting
the ownership to root:users and mode to 640, anyone could change it and set it
to their own name (thus preventing anyone else from using it).
To be perfectly honest, I'd ideally like to give people separate
subscription settings anyway. I thought about symlinking the folders in, but
that makes it a manual process to add new folders to everyone's maildirs.
Can anyone please give me any pointers?
Many thanks,
Mark Lidstone
IT Administrator
BMT Nigel Gee & Associates Ltd
Floors 1-3, Building 14,
Shamrock Quay,
William Street,
Southampton
SO14 5QL
UK
Tel: 023 8022 6655
Fax: 023 8022 8855
Visit Our Website: <http://www.ngal.co.uk>
CONFIDENTIAL
The information contained in this e-mail and any attachment is
confidential. It is intended only for the named addressee(s). If you
are not the named addressee please notify the sender immediately and
do not disclose, copy or distribute the contents to any other person
other than the intended addressee(s).
VIRUSES
The contents of an attachment to this e-mail may contain software
viruses which could damage your own computer system. While BMT Nigel Gee
and Associates Ltd has taken every reasonable precaution to minimise
this risk, we cannot accept liability for any damage which you sustain
as a result of software viruses. You should carry out your own virus
checks before opening the attachment.
Mark Lidstone wrote:
> Hi all,
>
> I logged with Thunderbird as user 1 and everything seems to work fine. However,
> when I logged in as user 2 I was getting all kinds of errors. On checking the
> permissions of /home/public/Maildir/subscriptions it was user1:user1 with mode
> 600.

Just a thought, but have you tried setting the INDEX location in the
default_mail_env? I'm not certain, but I believe the subscriptions file is
included in the INDEX set, and by setting its location elsewhere, you would
prevent it from being inside the Maildir.

This would prevent ownership hijacking, AND let everyone have their own
subscriptions.

I'm not certain of this, so either someone else can fill in the details, or you
could check the source (and please report your findings :)

> To be perfectly honest, I'd ideally like to give people separate
> subscription settings anyway. I thought about symlinking the folders in, but
> that makes it a manual process to add new folders to everyone's maildirs.

Of course, I'm assuming you've read the Wiki (it looks like you have...)

--
Curtis Maloney
cmaloney at cardgate.net
Hi Curtis,

Aye, I have read the wiki. I was pretty surprised this wasn't covered to be
honest.

Well, I've tried playing with the umask setting (thanks for the suggestion
Channing) and changing the index locations (thanks Curtis), but no joy. I'm
just about to start digging into the source to see if it's something I can
sort out myself.

Many thanks everyone,

Mark Lidstone

-----Original Message-----
From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org] On Behalf Of Curtis Maloney
Sent: 19 March 2006 22:51
To: Mark Lidstone
Cc: dovecot at dovecot.org
Subject: Re: [Dovecot] Shared namespaces
On Fri, 2006-03-17 at 16:03 +0000, Mark Lidstone wrote:
> I logged with Thunderbird as user 1 and everything seems to work fine. However,
> when I logged in as user 2 I was getting all kinds of errors. On checking the
> permissions of /home/public/Maildir/subscriptions it was user1:user1 with mode
> 600.

Looks like at some point I've thought about adding "subscriptions" setting to
namespaces where you could configure if each one should have separate ones.
For public/shared namespaces I guess this should default to "no".

Unfortunately I don't think it's easy to currently make namespace's
subscriptions exist in another namespace. I'll add this in TODO, but you could
maybe kludge around this by changing the code, eg. set umask to 0 before
file_dotlock_open() in src/lib-storage/subscription-file/subscription-file.c
and back to original value afterwards.
Hi Timo,

Thanks for the reply.

> -----Original Message-----
> From: Timo Sirainen [mailto:tss at iki.fi]
> Sent: 25 March 2006 09:42
> To: Mark Lidstone
> Cc: dovecot at dovecot.org
> Subject: Re: [Dovecot] Shared namespaces
>
> On Fri, 2006-03-17 at 16:03 +0000, Mark Lidstone wrote:
> > I logged with Thunderbird as user 1 and everything seems to work fine.
> > However, when I logged in as user 2 I was getting all kinds of errors.
> > On checking the permissions of /home/public/Maildir/subscriptions it
> > was user1:user1 with mode 600.
>
> Looks like at some point I've thought about adding "subscriptions"
> setting to namespaces where you could configure if each one should have
> separate ones. For public/shared namespaces I guess this should default
> to "no".

In my case it should default to "yes". It allows people to only see the
folders with email relating to their projects. At the moment when a project
finishes we have to move it to another store so that it's not clogging up
everyone's public folder list. Allowing people to only see the folders they
want is one of the features that has attracted us to shared namespaces.

> Unfortunately I don't think it's easy to currently make namespace's
> subscriptions exist in another namespace. I'll add this in TODO, but you
> could maybe kludge around this by changing the code, eg. set umask to 0
> before file_dotlock_open() in
> src/lib-storage/subscription-file/subscription-file.c and back to
> original value afterwards.

Don't add it in the TODO - you've already done it (basically). I'd cobbled
together a real kludge to use the dovecot-shared permissions on the
subscriptions file (kinda - only the group permissions, not the user) and was
about to post it to the list when I came across the way you'd already handled
it. The subscriptions file is stored in the folder pointed to with the
"CONTROL" directive - I just put this to a separate place for every user and
it works fine.

The only thing that's left is getting this added to the Wiki - I don't think
anyone's done that yet.

Thanks,
Mark
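
Added example, not part of the original thread: a shell sketch of why chmod/chown on the shared subscriptions file did not stick, assuming the file is rewritten by creating a lock file and renaming it over the original, so each update produces a new file owned by the writer with a mode set by the writer's umask. The function names and temporary paths are constructed for illustration; the last function is a small audit for files in a shared maildir that group members cannot read and write.

```shell
#!/bin/sh
# Added illustration; paths are temporary and constructed, not the thread's real maildir.

# Print the permission string (e.g. -rw-rw----) of a file, portably.
perm_of() {
    ls -ld "$1" | cut -c1-10
}

# Rewrite file $1 the way a lock-file-and-rename update does: write a new
# file next to it under umask $2, then rename it over the original. The
# result is a new inode, so an earlier chmod/chown on the old file is lost.
replace_by_rename() {
    (
        umask "$2"
        printf 'Public/projects\n' > "$1.lock"
        mv -f "$1.lock" "$1"
    )
}

# Constructed scenario: the admin sets the shared file to 660, then a user
# with umask $1 updates it. Prints the resulting permission string.
mode_after_update() {
    dir=$(mktemp -d) || return 1
    : > "$dir/subscriptions"
    chmod 660 "$dir/subscriptions"
    replace_by_rename "$dir/subscriptions" "$1"
    perm_of "$dir/subscriptions"
    rm -rf "$dir"
}

# Audit helper: list regular files under a shared maildir that lack group
# read+write, i.e. files the other group members are locked out of.
group_locked_files() {
    find "$1" -type f ! -perm -060
}

echo "umask 077 -> $(mode_after_update 077)"
echo "umask 007 -> $(mode_after_update 007)"
```
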