[Kolab-devel] fb concept: pfb cache permissions

Martin Konold martin.konold at erfrakon.de
Thu Sep 9 09:43:19 CEST 2004


On Wednesday, 8 September 2004 16:42, Bernhard Reiter wrote:

Hi Bernhard,

> This "web directory" for each user or account in general
> needs to follow the permissions of the corresponding imap folders.
> How can we do this technically?

With Kolab 1 everyone having valid credentials was allowed to upload any fb 
list. Actually the situation was even worse with NT4 clients because this 
forced us to have an identical shared secret for all users. (the ftp freebusy 
user).

With Kolab 2 the situation is much better. The actual generation of fbs and 
pfbs is done by a server process which is triggered and parametrized by the 
user. This server process requires the credentials of the user to do its work 
(access the imap based calendar store). 

Direct writes to the pfb/fb store are only allowed for its personal pfb/fb. 
Writes to other users' pfb are only possible via this server based process 
which checks the corresponding _write_ access to the imap folder and which 
requires the _read_ access to the corresponding imap folder and write access 
to the cache folder. 

In order to manage the ACLs for these folders platform independent and 
_without_ local unix users on the filesystem level we depend on the ACL 
handling of Apache here.

> Only Cyrus has that database,
> so if we use apache webdav directories
> or a cgi-script they must access the acl database somehow
> and check permissions against it.

The server based processes can use the ACLs from Cyrus to do their job.

> Thinking more conceptually, the pfb would be an attribute
> of the folder, readable by all, but subject to writing rules.

Yes!

> pxfb would even have reading restricted.

> So a webscript for the personal "cache" seems useful.
> How does it access the acls of imapd?

There is a perl module available which can handle that.

Regards,
-- martin

Dipl.-Phys. Martin Konold

e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: martin.konold at erfrakon.de
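
The permission check described in the mail above, as an added example that is not part of the original mail and is not Kolab code: a pfb write is allowed only if the triggering user's effective rights on the IMAP folder include read and write. Assumptions: the server process has the folder's untagged `ACL` response (as returned by IMAP `GETACL`), "write" is mapped to the `i` (insert) right, group identifiers are ignored, and the sample line and function names are constructed for illustration.

```python
import shlex

READ, WRITE = "r", "i"   # assumption: 'i' (insert) stands for "write" access

# Constructed sample of an untagged GETACL response (not from the mail).
SAMPLE = ('* ACL "user/bob/Calendar" bob lrswipcda alice lrsi '
          'carol lrs anyone l -dave i dave lrsi')

def parse_acl(line):
    """Return (mailbox, {identifier: set(rights)}) from an ACL response."""
    tokens = shlex.split(line)
    if len(tokens) < 3 or tokens[:2] != ["*", "ACL"] or len(tokens) % 2 == 0:
        raise ValueError("malformed ACL response")
    pairs = tokens[3:]
    acl = {}
    for ident, rights in zip(pairs[0::2], pairs[1::2]):
        acl.setdefault(ident, set()).update(rights)
    return tokens[2], acl

def effective_rights(acl, user):
    """Positive rights for user and 'anyone', minus negative ('-ident') rights."""
    granted = acl.get(user, set()) | acl.get("anyone", set())
    denied = acl.get("-" + user, set()) | acl.get("-anyone", set())
    return granted - denied

def may_update_pfb(acl_line, user):
    """Gate a pfb write: the triggering user needs read and write on the folder."""
    try:
        _, acl = parse_acl(acl_line)
    except ValueError:
        return False          # fail closed on anything we cannot parse
    rights = effective_rights(acl, user)
    return READ in rights and WRITE in rights

if __name__ == "__main__":
    for user in ("bob", "alice", "carol", "dave", "eve"):
        print(user, may_update_pfb(SAMPLE, user))
```

The negative entry `-dave i` removes the insert right that `dave lrsi` grants, so the check must subtract negative rights instead of testing only the user's own entry.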



