[bug-mailutils] Re: imap: personal "shared" folders and ACL ...

[Andreas Barth]

Hi,

* Andreas Barth (address@hidden) [050423 22:25]:
> Now, to summarize for me, I'm still unsure what I should do. After
> these tries, I tend to add a per-user file in some place (I'm not sure
> if $home is a good place even for virtual users - perhaps something
> like /etc/domain-virtual/$domain/$user is better), and read additional
> directories and ACLs from there.

On further consideration, I think a tiered setup would be fine:
1. If there is an entry for some virtual directory in a central place,
   this (and the associated ACLs) are used (one might consider how to
   write such rules of course - it might be handy to be able to write
   rules for address@hidden in the central place).
2. If the subdirectory is not symlinked, the default access is the same
   as of the parent directory; if it is symlinked, the default access is
   none. The default can be overriden by ACLs (where the ACLs should be
   able to be written for full groups) (one might consider to have
   allowing/all ACLs to fullfill certain requirements, e.g. being owned
   by the owner of the directory).

Still open is IMHO how to actually access the files in any of the cases
- is it ok to say "you can read the files only if unix permissions _and_
ACLs are ok"?


Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C