On Fri, 29 Aug 2003, Rick Updegrove wrote:
> >UW imapd does not support RFC 2086 ACL.  It is not technically possible to
> >support UNIX filesystem access controls via RFC 2086 in a useful way.
> I have a Cyrus IMAP server which provides a very useful ACL
> implementation (on FreeBSD).

Cyrus does not export the UNIX filesystem nor does it use UNIX filesystem access controls. Cyrus exports its own filesystem and implements its own access controls (which happen to be RFC 2086).

UW, on the other hand, exports the UNIX filesystem and uses UNIX filesystem access controls. There is too little overlap between UNIX filesystem access controls and RFC 2086 to be useful. ACL2 supposedly fixes this problem.

> However, it does not support Maildir (I
> realize UW imapd doesn't either without
> http://www.davideous.com/imap-maildir/ )

Maildir support is going to be a problem. Maildir support with RFC 2086 style ACL is a bigger problem.

> Would you be so kind as to direct me toward a relevant thread or
> synopsis on the problems you mention?  I have recently become interested
> in finding/developing an "IMAP + ACL + Maildir" combination to use with
> qmail on FreeBSD.

You can review a long set of messages in the archives of the IMAP and IMAPEXT working groups.

Or, you can just consider the access controls offered by the UNIX filesystem (chmod, chown, chgrp) and compare that to RFC 2086. At first glimpse, RFC 2086 looks like a proper superset. But then you start getting into all sorts of nasty problems.

The ACL namespace equals userids, but name "anyone" is special (so you can't have a userid of "anyone"). Groups are mentioned in passing, but with no clear direction as to how they would work. Rights are inherited from less specific ACLs; there are negative rights to cancel an inherited right, but negative rights are also inherited and can't be cancelled (think of how this would work with UNIX mode 606 when you're the owner and also a group member). RFC 2086 rights associated with mailboxes actually are controlled by a right on the superior name in the hierarchy in UNIX.

There's other issues, but those come immediately to mind.

> You might want to get someone to add the "ACL question" as well as
> provide the URL to "unsupported imap-maildir patches" to the FAQ.  I
> can't imagine that I am the only one interested in these things : )

The question with ACL will hopefully be overtaken by events.

Providing a URL to an unsupported patch has the "marketing" effect of recommending that patch. Since none of the maildir patches work well, I can not recommend any of them. Some people use these patches, but just as many people complain about them.

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
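
The mode 606 case mentioned in the message above, worked through as an added example that is not part of the original post or of any IMAP server's code. It assumes a simplified model: rights reduced to `r`/`w`, hypothetical `group:NAME` identifiers, and an evaluation rule of "union of matching grants minus union of matching negative rights"; the users and group are constructed.

```python
# Added example: UNIX mode 606 next to a naive RFC 2086-style translation.
# Assumptions: "group:NAME" identifiers, rights reduced to r/w, and the
# "grants minus negatives" evaluation rule are modelling choices.

def bits_to_rights(bits):
    """Map the r and w bits of one UNIX permission triplet to a rights set."""
    return {r for r, mask in (("r", 4), ("w", 2)) if bits & mask}

def unix_access(mode, owner, group, user, user_groups):
    """UNIX consults exactly one class: owner, else group, else other."""
    if user == owner:
        return bits_to_rights(mode >> 6)
    if group in user_groups:
        return bits_to_rights(mode >> 3)
    return bits_to_rights(mode)

def mode_to_acl(mode, owner, group):
    """Naive translation: 'anyone' carries the other bits, negatives carve out."""
    own, grp, oth = (bits_to_rights(mode >> s) for s in (6, 3, 0))
    acl = {"anyone": oth, owner: own, "group:" + group: grp}
    if oth - grp:
        acl["-group:" + group] = oth - grp  # group must not inherit from anyone
    if oth - own:
        acl["-" + owner] = oth - own
    return acl

def acl_access(acl, user, user_groups):
    """Union of every matching grant, minus the union of matching negatives."""
    ids = {"anyone", user} | {"group:" + g for g in user_groups}
    granted, denied = set(), set()
    for ident, rights in acl.items():
        if ident.startswith("-"):
            if ident[1:] in ids:
                denied |= rights
        elif ident in ids:
            granted |= rights
    return granted - denied

def compare(mode, owner, group, users):
    """Return {user: (unix_rights, acl_rights)} for constructed sample users."""
    acl = mode_to_acl(mode, owner, group)
    return {u: (unix_access(mode, owner, group, u, gs), acl_access(acl, u, gs))
            for u, gs in users.items()}

# Constructed sample: alice owns the mailbox and is also in group "staff".
USERS = {"alice": {"staff"}, "bob": {"staff"}, "carol": {"users"}}
if __name__ == "__main__":
    for user, (ux, ac) in compare(0o606, "alice", "staff", USERS).items():
        print(user, "unix:", sorted(ux), "acl:", sorted(ac))
```

Under these assumptions the owner keeps read/write on the UNIX side but ends up with no rights on the ACL side, because the negative entry needed to keep the group out also matches the owner.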
