Aaron Stone wrote:

> Oh, that's perfect then. So the next question is what steps would we want
> to take in the dbmail utilities to restrict access to add/modify/delete
> users, maintain the database, etc?

That's easy. You've already added the -f switch to all tools. So you can already use different configs for different tasks using different db-users with different privileges.

We could expand that to include searching for ~/.dbmailrc, or /etc/dbmail/`whoami`-dbmailrc, or whatever for authentication information. That would enable sysadmins to assign different default parameters to different users.

Next we could overload the database parameters in each config stanza. Like:

# pseudocode: use the daemon's own stanza, else fall back to the global one
if not getdbparam('IMAPD'):
    getdbparam('DBMAIL')
db_connect()

And there you can assign specific grants to each of the daemons and main tools.

But what started this thread was the current misconception in the acl code that assumes a 1-1 relation between a mailbox, a user, and an acl mask. There's simply no concept of group logic in the current code.


--
  ________________________________________________________________
  Paul Stevens                                  mailto:[EMAIL PROTECTED]
  NET FACILITIES GROUP                     PGP: finger [EMAIL PROTECTED]
  The Netherlands________________________________http://www.nfg.nl
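
The stanza fallback sketched in the message above, as an added example that is not part of the original message and is not dbmail's own code. It goes one step further than the pseudocode by falling back per key and by reporting when a daemon ends up on the global login; the key names (host, db, user, pass), the LMTPD stanza and both function names are assumptions.

```python
import configparser

# Constructed sample config. Key names and the LMTPD stanza are assumptions
# made for this example; IMAPD and DBMAIL are the stanzas named in the message.
SAMPLE_CONF = """
[DBMAIL]
host = localhost
db = dbmail
user = dbmail_admin
pass = admin-secret
[IMAPD]
user = dbmail_imap
pass = imap-secret
[LMTPD]
port = 24
"""

DB_KEYS = ("host", "db", "user", "pass")


def resolve_db_params(conf_text, stanza, fallback="DBMAIL"):
    """Return (params, inherited): DB settings for one stanza, with each
    missing key filled from the fallback stanza, plus the inherited keys."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' may occur in passwords
    cp.read_string(conf_text)
    own = cp[stanza] if cp.has_section(stanza) else {}
    base = cp[fallback] if cp.has_section(fallback) else {}
    params, inherited = {}, []
    for key in DB_KEYS:
        if key in own:
            params[key] = own[key]
        elif key in base:
            params[key] = base[key]
            inherited.append(key)
        else:
            raise KeyError(f"{key!r} not set in [{stanza}] or [{fallback}]")
    return params, inherited


def shares_fallback_login(conf_text, stanza, fallback="DBMAIL"):
    """True when the stanza connects as the fallback db user (no own grants)."""
    _, inherited = resolve_db_params(conf_text, stanza, fallback)
    return "user" in inherited


if __name__ == "__main__":
    for name in ("IMAPD", "LMTPD"):
        print(name, resolve_db_params(SAMPLE_CONF, name))
```

A stanza for which `shares_fallback_login` returns true still connects with the global account, so per-daemon grants do not apply to it yet.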
