Hi, * Andreas Barth ([EMAIL PROTECTED]) [050423 22:25]: > Now, to summarize for me, I'm still unsure what I should do. After > these tries, I tend to add a per-user file in some place (I'm not sure > if $home is a good place even for virtual users - perhaps something > like /etc/domain-virtual/$domain/$user is better), and read additional > directories and ACLs from there.
On further consideration, I think a tiered setup would be fine: 1. If there is an entry for some virtual directory in a central place, this (and the associated ACLs) are used (one might consider how to write such rules of course - it might be handy to be able to write rules for [EMAIL PROTECTED] in the central place). 2. If the subdirectory is not symlinked, the default access is the same as of the parent directory; if it is symlinked, the default access is none. The default can be overriden by ACLs (where the ACLs should be able to be written for full groups) (one might consider to have allowing/all ACLs to fullfill certain requirements, e.g. being owned by the owner of the directory). Still open is IMHO how to actually access the files in any of the cases - is it ok to say "you can read the files only if unix permissions _and_ ACLs are ok"? Cheers, Andi -- http://home.arcor.de/andreas-barth/ PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C _______________________________________________ Bug-mailutils mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-mailutils
