Seems like a reasonable approach and a good patch. I might suggest some feedback, preferably to the deleting / renaming user but a syslog might also do, when the delete / rename failed. Is there a bugzilla number? :wes On 18 May 2010, at 12:38, Stephen Grier wrote: > Just submitting a patch I'm supporting locally for consideration. > > We use shared mailboxes quite extensively for role-based > communication. > For quite some time we've had a problem with users deleting or > renaming > mailboxes into which we deliver mail. We can, and do, use IMAP ACLs to > dissallow users from deleting the delivery target mailbox. But when a > user creates a child mailbox it inherits the ACLs of the parent, > and the > user is then not able to delete or rename the sub folder. > > As a fix, I have written a patch against 2.3.16 to add a new > lmtptarget > mailbox annotation. When enabled, Cyrus won't allow the mailbox to be > deleted or renamed. We can then set whatever ACLs we want inherited by > child mailboxes, happy in the knowledge the user won't blat the > mailbox > and cause mail to bounce. > > The rationale here is that Cyrus treats user.foo with special > significance as a delivery target, but does not do the same for shared > mailboxes because there is no way for Cyrus to know which shared > mailboxes we intend to deliver mail into. Using a mailbox annotation > seems a nice way of flagging this. > > Patch attached. Comments welcome. ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
