On Wed, 2009-11-18 at 11:00 -0800, Mark Crispin wrote:
> On Wed, 18 Nov 2009, Timo Sirainen wrote:
> >> For example, given a server which exports
> >> (("" "/")) (("/Users/" "/")) (("/Public" "/"))
> >> what servers permit a client to do:
> >> tag LIST "" /Users/*
> > Dovecot, if configured to do so. And of course not all users, only those
> > that have mailboxes with +l permission to LISTing user.
>
> Does Dovecot configure this by default? Why or why not?
>
> Does Dovecot scan the entire private user tree looking for +l mailboxes,
> or does it have a reverse cache of accessible names? Or does it have a
> global ACL database?

Dovecot uses a database which gets updated when SETACL command is used.
When doing a LIST, it looks up from the database what users probably
have +l mailboxes and then actually verifies that they do before
returning them in LIST.

I guess you could call the database a reverse cache, although there's
currently no way to easily rebuild it so it's less of a cache.. So for
example if a user1 had set +l for foogroup and baruser, and user2 had
set +l for baruser, the database would have entries like:

  group=foogroup -> user1
  user=baruser -> user1
  user=baruser -> user2

This isn't done by default, because Dovecot doesn't really have any
default configuration. It wouldn't really know how to access other
users' mailboxes. It wouldn't know where to store the database. Besides,
the database can be configured in multiple different ways. Admin could
configure a global database file, a per-domain database file, or
everything could be stored in SQL.

If Dovecot had a default configuration, I'd enable this by default.
"anyone" and "anonymous" identifiers are special cases though, SETACLs
to those are disallowed by default to prevent spamming.

> >> To follow-up on my previous question, what clients besides Thunderbird
> >> attempt to do such a command?
> > If that didn't work, I think shared namespaces would be almost unusable
> > in most IMAP clients. Clients don't support accessing mailboxes that
> > they can't LIST (or LSUB, but subscribing would again require LIST to
> > show them).
>
> Please note that I am talking about access to other users' mailboxes and
> not to shared mailboxes. Of course,
> tag LIST "" /Public/*
> should work in the above example.
>
> What I am trying to determine is the use case for
> tag LIST "" /Users/*

I don't think any client treats those two cases differently. They just
want LIST to see everything.

> Is it really true that clients must be able to download a complete tree of
> all possible names in order to be able to access a name?

Do you mean * or also %? I don't know what clients use * vs. %, but I
don't see why * would be any more difficult to implement than %. In any
case I'm not aware of any clients that can access (other users')
mailboxes that can't be reached by LISTing from root level.
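
The lookup-then-verify scheme described in the message above, as an added Python sketch that is not Dovecot's code and not part of the original e-mail. The class and method names, the in-memory storage, and the choice to leave a hint in place after +l is revoked are assumptions made for illustration.

```python
from collections import defaultdict

class SharedMailboxIndex:
    """Toy model: authoritative per-mailbox ACLs plus a reverse hint index."""

    def __init__(self):
        self.acls = defaultdict(dict)    # (owner, mailbox) -> {identifier: rights}
        self.reverse = defaultdict(set)  # identifier -> owners that probably have +l

    def setacl(self, owner, mailbox, identifier, rights):
        # Per the message, SETACL for these identifiers is refused by default.
        if identifier in ("anyone", "anonymous"):
            raise PermissionError("SETACL for %s is disallowed" % identifier)
        self.acls[(owner, mailbox)][identifier] = rights
        if "l" in rights:
            self.reverse[identifier].add(owner)
        # Assumption: revoking +l leaves the hint behind; the index is only a hint.

    def list_users(self, user, groups=()):
        """Return the /Users/ mailboxes that `user` is allowed to LIST."""
        idents = ["user=" + user] + ["group=" + g for g in groups]
        candidates = set()
        for ident in idents:
            candidates |= self.reverse.get(ident, set())
        visible = []
        for (owner, mailbox), acl in self.acls.items():
            if owner not in candidates:
                continue  # owner never granted +l to us: skip without scanning
            # Verification step: decide from the real ACL, never from the index.
            if any("l" in acl.get(i, "") for i in idents):
                visible.append("/Users/%s/%s" % (owner, mailbox))
        return sorted(visible)


def demo():
    # Constructed sample data mirroring the user1/user2 example in the message.
    idx = SharedMailboxIndex()
    idx.setacl("user1", "Projects", "group=foogroup", "lr")
    idx.setacl("user1", "Projects", "user=baruser", "lr")
    idx.setacl("user2", "Reports", "user=baruser", "lr")
    idx.setacl("user2", "Private", "user=other", "lr")
    before = idx.list_users("baruser")
    idx.setacl("user2", "Reports", "user=baruser", "r")  # +l revoked
    after = idx.list_users("baruser")                     # stale hint, no leak
    return idx, before, after
```

Because the index only narrows which owners are checked, a stale or over-broad entry costs an extra ACL read but cannot expose a mailbox the caller lacks +l on.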