Hi, I'll describe my wanted setup first and than what happened to me on the way to that. Also, I'm quite new in using mailutils and imap, so please forgive me if I went wrong.
I want to setup an imap server for multiple users, and some users have access to role addresses to read mail - at that accounts, just reading, and nothing more. I was using the version of mailutils in debian/sid, that is 0.6.1. Of course, my user base was just using virtual accounts. My first consideration was to change the other namespace in a way that it is per user (and add the possibility for ACLs to the namespace). However, on closer looking, I noticed that I can just add symlinks to the home directory, and that this works fine. However, on an even closer look, I saw that the process runs with root privileges - which is IMHO unnecessary for reading mails (especially as my virtual users have uid/gids). Also, I noticed that imap4d is always setgid mail (in the setup phase already), which means that it is even in the case of using the real user database possible to extend the access privileges (however, I didn't try that the hard way, but with adding a symlink at the proper place, one should be able to read mailboxes gid mail, and perhaps even any file "emulating" a maildir). Now, to summarize for me, I'm still unsure what I should do. After these tries, I tend to add a per-user file in some place (I'm not sure if $home is a good place even for virtual users - perhaps something like /etc/domain-virtual/$domain/$user is better), and read additional directories and ACLs from there. On the user and group setup, I tend to add mail as "hidden group" to the real group, and only get this gid in cases needed, and otherwise, use the normal group. Also, I tend on setuid to a fixed user in my local setup for virtual users, but for general use, probably a more complex strategy is better. Any comments on this is appreciated. Cheers, Andi -- http://home.arcor.de/andreas-barth/ PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C _______________________________________________ Bug-mailutils mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-mailutils
