Mark Crispin wrote: > > On Tue, 11 Mar 2003, John Carver wrote: > > Has ACL support (rfc2086) been added to imapd? If not, are there any > > plans to do so? I'm planning to evaluate Bynari's InsightConnector > > which uses this feature. > > At the present time, UW imapd does not have ACL support. Unfortunately, > the design of RFC 2086 does not work well to represent UNIX filesystem > access controls. There does not appear to be a way to implement RFC 2086 > with UNIX filesystem access controls in a way that is (1) useful and (2) > compliant with RFC 2086. > > These problems appear to be addressed in a new specification, called ACL2, > described in draft-ietf-imapext-acl-07.txt. I plan to implement ACL2 in > UW imapd as soon as the dust settles on its specification. > > I will be happy to discuss with Bynari about how to proceed, especially as > there is interest at UW about InsightConnector. Ideally, InsightConnector > should work with any IMAP server, including ones which do not have ACL or > ACL2.
Are the problems with implementing ACL support in UW imapd on UNIX filesystems all related to UNIX filesystem permissions, or are there some general issues with RFC 2086? We are looking into adding ACL support using a simple 'advisory' database to store the ACLs, and check against when executing imap commands. In this case, there is no dependence on any underlying file system permission controls, although an external database is required. Also, do you have any recommendations as to where ACL support would best be added? We are finding that mods to the imap command parser (imapd.c), mailbox access routines (mail.c), and individual drivers are all needed. -- Carl Stehle
