[Kolab-devel] fb concept: pfb cache permissions

Bernhard Reiter bernhard at intevation.de
Thu Sep 9 15:59:48 CEST 2004


On Thursday 09 September 2004 09:43, Martin Konold wrote:
> Am Mittwoch, 8. September 2004 16:42 schrieb Bernhard Reiter:

> Direkt writes to the pfb/fb store is only allowed for its personal pfb/fb.
> Writes to other users pfb is only possible via this server based process
> which checks the corresponding _write_ access to the imap folder and which
> requires the _read_ access to the corresponding imap folder and write
> access to the cache folder.
>
> In order to manage the ACLs for these folders platform independent and
> _without_ local unix users on the filesystem level we depend on the ACL
> handling of Apache here.
>
> > Only Cyrus has that database,
> > so if we use apache webdav directories
> > or a cgi-script they must access the acl database somehow
> > and check permissions against it.
>
> The server based processes can use the ACLs from Cyrus to do their job.
>
> > Thinking more conceptually, the pfb would be an attribute
> > of the folder, readable by all, but subject to writing rules.
>
> Yes!
>
> > pxfb would even have reading restricted.
> >
> > So a webscript for the personal "cache" seems useful.
> > How does it access the acls of imapd?
>
> There is a perl module available which can handle that.

So this perl modules would have the necessary credentials
to read the imapd acls directly from the file system (or werever 
they are saved).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2145 bytes
Desc: signature
URL: <http://lists.kolab.org/pipermail/devel/attachments/20040909/848f46da/attachment.p7s>


More information about the devel mailing list