-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, playing around with Dovecot's v1.2 ACLs I wondered about some things about the dovecot-acl files: + They are created within the Maildirs, as described in http://wiki.dovecot.org/ACL. But why? Shouldn't they belong to the CONTROL= directories? So it is more compatible with filesystem quota. + They have 0666 permissions, but all other files (e.g. when I create a new mailbox) have 0660 permissions. Are the permissions selected explicitly to allow "a"-right for other (system) users? + When one removes all rights, the size of the file drops to zero. The wasted space is no great deal; but how much processing is wasted if such file is present? I mean, the log says that the files are opened very regularily. Would it help to remove zero-size files? Regards, - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSjdoh3WSIuGy1ktrAQKlfQf/X6jxEKTINNwdiFAYq7XEW78Lgjf7FDNc xK3PnT8Opz+4yCiWxDSlUSJPjdc2csTIimR1ZKDn2hUN54jcfJBt6U6bWKPl6rvB Fyycsnx3ONNiYBaqcIoFG4LWGk+QLnXZaVWdCVil2Pn3LotW2Unxe26d51pvt38Q N8dXyyv1yaCpIBzhgFYyn0J7DZxM8HzWUVZNybXGnwm1u13GPf+g7pMlAcF0wNsQ 6gSrFVmu3tzp5FF+3v5rb7GVMAYyLeKeZkzDBOQetuNCkUrUcY3qqYplwKEHvLe5 70e69zh7epGPw9UiSV/FJm+Q/GStz7T7vl7hdoO+WHeJcDhX/IXFBg==XTLy -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 16 Jun 2009, Steffen Kaiser wrote:> playing around with Dovecot's v1.2 ACLs I wondered about some things about > the dovecot-acl files: > > + They are created within the Maildirs, as described in > http://wiki.dovecot.org/ACL. > > But why? Shouldn't they belong to the CONTROL= directories? So it is more > compatible with filesystem quota. > > + They have 0666 permissions, but all other files (e.g. when I create a > new mailbox) have 0660 permissions. > > Are the permissions selected explicitly to allow "a"-right for other > (system) users?OK, because of the "a"-right, any user must be potentially able to change the dovecot-acl files, hence, they are neither in the CONTROL directory nor permissions other than 0666. But why has dovecot-acl-list permissions 0660? It looks like Dovecot first writes a temp file (*.lock), then replaces the dovecot-acl file only, if no over quota happens. There is a problem, if dovecot-acl could be updated, but dovecot-acl-list could not. SETACL succeeds in this case, is this a problem? Bye, - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSjecKnWSIuGy1ktrAQLQTgf+KcqbDLsVp3D5GBVGlRZamxmZYzietdpT oOYqIupoFkFpM+G//kHCKYBRF2szdpJKxywYeJR4LRTT7pEkW51p+FIRc0B+qAGO XRBX+K1X/JAXHKabA+ruWOWWE0F9bWrB7AqxiW44rGxXP7mTezaDLYTOVG5ojHx3 2su3CAmPX18TSKWy/V98OdPGcd+LxvsotQi1a+5fky47LKZRtVxzxp5ZqTtyRB1g EorY2u+B2dZfYhFjwJoqxtqiHpVjIPBeXxQcOO5Fbg/SHVLL01TrzmqDeMu5DazT 8A63YZc1hWTDhddQUljs5e6tT7Hsfx/0FvZhzEZQfJsCC7EZT3UiiQ==qXTX -----END PGP SIGNATURE-----
On Tue, 2009-06-16 at 11:40 +0200, Steffen Kaiser wrote:> playing around with Dovecot's v1.2 ACLs I wondered about some things about > the dovecot-acl files: > > + They are created within the Maildirs, as described in > http://wiki.dovecot.org/ACL. > > But why? Shouldn't they belong to the CONTROL= directories? So it is more > compatible with filesystem quota.dovecot-acl-list's point is that all users see that file, but in some setups each user has separate control directories.> + They have 0666 permissions, but all other files (e.g. when I create a > new mailbox) have 0660 permissions.I think this was a bug that was fixed by http://hg.dovecot.org/dovecot-1.2/rev/c8bb7c18f17b> + When one removes all rights, the size of the file drops to zero. The > wasted space is no great deal; but how much processing is wasted if such > file is present? I mean, the log says that the files are opened very > regularily. Would it help to remove zero-size files?Empty dovecot-acl-list file is better for performance. If it didn't exist, Dovecot would rebuild it by going through all mailboxes.> It looks like Dovecot first writes a temp file (*.lock), then replaces the > dovecot-acl file only, if no over quota happens. > There is a problem, if dovecot-acl could be updated, but dovecot-acl-list > could not. SETACL succeeds in this case, is this a problem?This should help with it: http://hg.dovecot.org/dovecot-1.2/rev/8206c38856ff -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20090622/1bdc2294/attachment-0002.bin>