On Mon, Mar 22, 2010 at 10:25:45AM +0100, Steffen Kaiser wrote:

> My idea was to put everybody sharing folders and everybody, who may access
> shared folders, into the same group "doveshared", then leverage the
> Unix permissions, that this group may access the folders. So I do not need
> to use 0777 everywhere.

So basically, you get to the "single UID virtual users" solution but with GID, right? Do you mean your maildirs are all in 0770 <user> doveshared?

But it still gives too much permission in general... Especially if your users can access their mailboxes outside of IMAP (NFS, CIFS, ...). How do you deal with that?

> Do you use 0777 Unix perm on all Maildir's and mail folders? Is it working
> reliably, when mails are dropped with Deliver and APPEND, and when the
> MUA creates new (sub-)folders?

Well, it was still a theoretical question. I haven't really tried anything yet. Also, I'm not using deliver (I know I should) but procmail. But since for me mail_location is not accessible for users by anything else than IMAP, loose permissions may not be such a critical issue...

Besides, I was thinking of creating as many groups (similar in purpose to your doveshared one) as needed to share a mailbox, if and only if I could somehow restrict (politically I mean) the use of shared mailboxes to "privileged" users (for instance a unit chief and his assistant, ...). Not really scalable I'm afraid though....

--
Thomas Hummel | Institut Pasteur
<hum...@pasteur.fr> | Pôle informatique - systèmes et réseau
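
The group-based layout discussed in this thread (folders at 0770 owned by a sharing group instead of 0777) can be checked with a small audit. This is an added example, not part of the original message or of Dovecot; the function name, the problem labels and the sample folder names are hypothetical, and the sharing group's numeric GID is passed in by the caller.

```python
import os
import stat
import tempfile


def audit_shared_maildirs(root, shared_gid):
    """Return sorted (relative_path, problem) pairs for a Maildir tree.

    shared_gid is the numeric GID of the sharing group ("doveshared" in
    the thread). Function name and problem labels are hypothetical.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes carry no access information
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & 0o007:
                # Any "other" bit set, e.g. 0777 folders or 0666 messages.
                findings.append((rel, "world-accessible"))
            if st.st_gid != shared_gid:
                findings.append((rel, "wrong-group"))
            elif stat.S_ISDIR(st.st_mode) and (mode & 0o070) != 0o070:
                # Group members need rwx on a folder to read and deliver.
                findings.append((rel, "group-lacks-rwx"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree, built in a temp dir so this runs offline.
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o770)
        for name, mode in ((".Team", 0o770), (".Open", 0o777), (".Mine", 0o700)):
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)
        gid = os.stat(root).st_gid  # stand-in for the doveshared GID
        for rel, problem in audit_shared_maildirs(root, gid):
            print(f"{problem:18} {rel}")
```

Run against the real mail root with the GID of the sharing group, an empty result means every folder is group-accessible and nothing is open to other local users.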