Ahh, I think we had different thoughts on that.
When I originally sent out the request for comments
for the vlimits, I thought the "disable_" routines
were to be the defaults for new users.  This was the
original intent from the responses I got.  This way you
would be able to shut off certain services for users
and you can make an exception for one or two users
by using vmoduser and only enabling some of the
permissions for some of the users.

i.e. allow postmaster IMAP access, but no other users
in the domain.

I guess it could work both ways, however there's no
easy way to set a default for new users (which is what
the original intent was).

Anyone have any comments on this?

Do you think we need both domain permissions and
default new user permissions for each type of permission?
(This is the case for quotas, a domain limit and a default
for new users).

I like the idea of having both (which just generates more
work...).  But we didn't take that into account with the
original design.

I would say that we should do what you were intending
by using the current values as "domain" permissions, and
add a field for "default_user_permissions" that would
populate the gid field of the user password entry.
What I would also do is encapsulate the code you
wrote into a function (you don't need the #ifdefs)
and have it return the mask which can be AND'd with
the gid field of the password entry.  This masking
function could go into vlimits.c and called in the
vauth_getpw() functions.

What do you think?


  > On Tuesday 25 March 2003 17:34, Brian Kolaci wrote:
  > > > i'm going to post (a very similar one) tomorrow for .qmail-limits files.
  > :)
  > i think this should stay in the vauth_getpw function (which is in vauth.c).
  > this way, when you later decide to  disable_imap=1 you won't have to change 
  > for all the users in that domain. also authvchkpw.c (from 
  > courier-imap/authlib) directly calls vauth_getpw.
  > and as i said.. i'm posting a patch vor vcdb.c/vpgsql.c/vsybase.c tomorrow 
  > cover the other auth modules.
  > anyways, i can see that the vpopmail.c:vadduser approach also has a good 
  > point: vlimits would then only serve as a "default" for each domain. one 
  > could still enable _single_ users to access their mail via imap/webmail/ ... 
  > or disable smtp for others. maybe some others post their opinion on this?
  > brian: is this what vlimits was originally indented to be? a default setting 
  > for the users of a domain (well plus some generall max settings..)? 
  > -- 
  > Mit internetten Grüßen / Best Regards
  > ---------------------------------------------------------------------------
  > Justin Heesemann                                        ionium Technologies
  > [EMAIL PROTECTED]                                                www.ionium.org

Reply via email to