How are you guys planning on handling email in AFS? (You'll want to use maildir for sure, but I think it's already in use.)

I'd suggest creating separate mail.<user> volumes and mounting them all at /afs/hcoop.net/common/emailroot/<user> or similar and deliver email there. You want to NOT allow users to be able to mount volumes here by not granting them "a" access on the volume. That way they can't treat another user's mailbox as one of their folders. You can also mount this volume at ~/Maildir in each user's volume, but you'll want to redirect the mail daemon to use the common/emailroot path, as users can change the mount points in their own home directories. You can see what the minimum requirements are for the mail daemon to deliver email and grant only those perms.

Also, I'm not sure if you are going to be able to allow exim filters, as people may be able to access others' email using them. I don't know enough about these filters to know for sure though. Are you currently preventing arbitrary executables from being run from .forward files or .procmail filters? B/c you'll want to do so. Of course, if you have a method for the SMTP server to change to each user's tokens, then all should be well. (This isn't easy to set up and is a pain to maintain though, in addition to the performance issues.) Note that uid changes are useless with AFS.

I'd recommend using dovecot for IMAP (and POP if it's offered) as I've used it and it's possible to get it to work with the user's Kerberos password and obtain AFS tokens using PAM correctly. I have seen a patch for the dovecot in sarge to get it to work with AFS correctly (hard links don't work in AFS). The version in testing may just work though, I'm not sure.

I do think it's useful to actually have email delivered into AFS, but I'll warn you that even CMU (where AFS was developed) has stopped doing so b/c of performance issues. I'm on the #hcoop IRC channel right now if people think a discussion on there would be useful.
<<CDC

_______________________________________________
HCoop-SysAdmin mailing list
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
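One way to check the ACL advice in the message above, as an added example that is not part of the original post: a small audit that reads `fs listacl` output and reports every principal holding the "a" (administer) right on a mailbox directory. The allow-list, the `mailer` principal and the sample ACL are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit helper: read `fs listacl` output on stdin and print each principal
# that holds the "a" (administer) right under "Normal rights:".
# ALLOWED is a hypothetical allow-list of principals expected to hold "a".
ALLOWED="system:administrators"

audit_acl() {
    awk -v allowed="$ALLOWED" '
        BEGIN {
            n = split(allowed, w, " ")
            for (i = 1; i <= n; i++) ok[w[i]] = 1
        }
        # Track which part of the listing we are in; negative rights only
        # take permissions away, so they are never reported.
        /^Access list for/  { section = "";         next }
        /^Normal rights:/   { section = "normal";   next }
        /^Negative rights:/ { section = "negative"; next }
        # Entry lines look like "  principal rights", e.g. "  alice rlidwk".
        section == "normal" && NF == 2 && index($2, "a") && !($1 in ok) {
            print $1
        }
    '
}

# Constructed sample: what `fs listacl` might print for one mailbox mount.
# "mailer" stands in for whatever principal the mail daemon delivers as.
sample_acl() {
cat <<'EOF'
Access list for /afs/hcoop.net/common/emailroot/alice is
Normal rights:
  system:administrators rlidwka
  mailer rlidwk
  alice rlidwka
Negative rights:
  bob rlidwka
EOF
}

# Run on the sample; on a real cell, pipe `fs listacl <dir>` into audit_acl.
sample_acl | audit_acl
```

Any name printed is a principal that can change the ACL on that mailbox directory and should be reduced to the rights it actually needs.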
