On Wed, 2007-05-23 at 17:30 +0200, Marc Delling wrote:
> first of all: this works to some point but is such a configuration
> valid? can a public namespace be the maildir of a user?

Yes.

> now the problem:
> the whole mail system runs with one uid/gid and virtual users, which
> has the effect that some user can delete mails in the public
> namespace or drop mails into it, create folders etc. this is not
> wanted. i wanted a read-only public namespace. so i decided to use
> acls. as namespace prefixes are ignored i needed to create them
> globally.

That's exactly the reason why I think you shouldn't use global ACLs. You could instead create a dovecot-acl file in the maildir itself.

> /etc/dovecot/acls/Support:
>
> owner lrwstiekxa
> authenticated lr
>
> which led to the result that other users than [EMAIL PROTECTED] cannot
> manipulate the public namespace at all, including setting their /Seen
> flag. that was the first surprise to me as i thought this flag would
> be managed separately in the users homes.

Well, yes, but you're explicitly telling the ACL plugin to prevent even that.

> after a (very short) thought i came to this (allow setting the /Seen
> flag for others):
>
> owner lrwstiekxa
> authenticated lrs
>
> which led to another unexpected result: the /Seen flag is now set
> globally. if one user marks a mail /Seen, it is /Seen for all other
> users too.

ACL plugin shouldn't have anything to do with that decision. The \Seen flag is stored privately if you have created a dovecot-shared file in the maildir. There isn't yet support for separate shared and private flags (and I'm not sure if there ever will be).
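As an added example (not part of the original message and not Dovecot's own code), this Python sketch parses the two ACL variants quoted in the thread and reports which rights non-owner users hold beyond read-only access. The letter meanings are those of RFC 4314; the function names and the simplified owner-before-authenticated matching are assumptions made for illustration.

```python
# Added example. Rights letters as defined by RFC 4314 (IMAP ACL).
RIGHTS = {
    "l": "lookup mailbox", "r": "read messages",
    "w": "write flags other than \\Seen and \\Deleted",
    "s": "write \\Seen", "t": "write \\Deleted",
    "i": "insert messages (APPEND/COPY)", "e": "expunge",
    "k": "create child mailboxes", "x": "delete mailbox",
    "a": "administer ACLs",
}
READ_ONLY = {"l", "r"}

# The two ACL variants quoted in the thread.
ACL_FIRST = "owner lrwstiekxa\nauthenticated lr\n"
ACL_SECOND = "owner lrwstiekxa\nauthenticated lrs\n"

def parse_acl(text):
    """Parse 'identifier rights' lines into {identifier: set of letters}."""
    acl = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ident, _, rights = line.partition(" ")
        letters = set(rights.strip())
        unknown = letters - set(RIGHTS)
        if unknown:
            raise ValueError(f"unknown rights {sorted(unknown)} for {ident}")
        acl[ident] = letters
    return acl

def effective_rights(acl, is_owner):
    """Assumption: the more specific entry wins, so 'owner' is checked
    before 'authenticated'. Other identifier types are not modelled."""
    if is_owner and "owner" in acl:
        return acl["owner"]
    return acl.get("authenticated", set())

def audit_read_only(acl):
    """Rights a non-owner holds beyond lookup/read; empty means read-only."""
    return sorted(effective_rights(acl, is_owner=False) - READ_ONLY)

def may(acl, is_owner, letter):
    """True if the user class holds the given right."""
    return letter in effective_rights(acl, is_owner)

if __name__ == "__main__":
    for name, text in (("first", ACL_FIRST), ("second", ACL_SECOND)):
        extra = audit_read_only(parse_acl(text))
        print(name, "ACL, non-owner extras:",
              [f"{c} ({RIGHTS[c]})" for c in extra] or "none (read-only)")
```

The audit covers only what the ACL grants; whether a \Seen change is private or shared is decided separately by the dovecot-shared file, as the reply says.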