Re: Maildir header cache now supports imap, too
On Fri, Aug 06, 2004 at 11:23:26PM +0900, Derek Martin wrote:
> Keeping your mail on an NFS store is almost always a bad idea
> regardless of locking issues. If the user has root access to their
> workstation (which is often the case), then it is usually NOT POSSIBLE
> to secure the mail store against that user reading anyone's mail.
> Anyone at all, so long as they have permission to mount the filesystem
> which it is on. It also does not matter what permissions are on the
> directory, nor if the server uses the no_root_squash option or not.
You're thinking of one specific way of doing things; while this may be
typical for environments you've had experience with, there are plenty of
environments that are nothing like this.
For instance, we use NFS for our users' mail for 2 reasons:
1) We can easily load balance incoming mail, as well as POP3 / IMAP
servers, across multiple servers.
2) We can separate mail machines from user machines, but still give
users access to create .forward files, .procmailrcs, read mail in mutt,
etc. (yes, this opens up some security concerns as well, but the
benefits outweigh the disadvantages for us).
No users have root on any of the machines mounting the NFS servers;
also, the mount points are broken up into smaller chunks, so any given
machine only mounts the volumes it needs to access.
--
"Since when is skepticism un-American?
Dissent's not treason but they talk like it's the same..."
(Sleater-Kinney - "Combat Rock")
- References:
- Re: Maildir header cache now supports imap, too
- Re: Maildir header cache now supports imap, too
- Re: Maildir header cache now supports imap, too
- Re: Maildir header cache now supports imap, too
- Re: Maildir header cache now supports imap, too
- Re: Maildir header cache now supports imap, too
- Re: Maildir header cache now supports imap, too
- Re: Maildir header cache now supports imap, too
- Re: Maildir header cache now supports imap, too
- Re: Maildir header cache now supports imap, too