This file is indexed.

/usr/share/doc/courier-doc/README.sharedfolders.html is in courier-doc 0.73.1-1.6.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

   1
   2
   3
   4
   5
   6
   7
   8
   9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19
  20
  21
  22
  23
  24
  25
  26
  27
  28
  29
  30
  31
  32
  33
  34
  35
  36
  37
  38
  39
  40
  41
  42
  43
  44
  45
  46
  47
  48
  49
  50
  51
  52
  53
  54
  55
  56
  57
  58
  59
  60
  61
  62
  63
  64
  65
  66
  67
  68
  69
  70
  71
  72
  73
  74
  75
  76
  77
  78
  79
  80
  81
  82
  83
  84
  85
  86
  87
  88
  89
  90
  91
  92
  93
  94
  95
  96
  97
  98
  99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
 146
 147
 148
 149
 150
 151
 152
 153
 154
 155
 156
 157
 158
 159
 160
 161
 162
 163
 164
 165
 166
 167
 168
 169
 170
 171
 172
 173
 174
 175
 176
 177
 178
 179
 180
 181
 182
 183
 184
 185
 186
 187
 188
 189
 190
 191
 192
 193
 194
 195
 196
 197
 198
 199
 200
 201
 202
 203
 204
 205
 206
 207
 208
 209
 210
 211
 212
 213
 214
 215
 216
 217
 218
 219
 220
 221
 222
 223
 224
 225
 226
 227
 228
 229
 230
 231
 232
 233
 234
 235
 236
 237
 238
 239
 240
 241
 242
 243
 244
 245
 246
 247
 248
 249
 250
 251
 252
 253
 254
 255
 256
 257
 258
 259
 260
 261
 262
 263
 264
 265
 266
 267
 268
 269
 270
 271
 272
 273
 274
 275
 276
 277
 278
 279
 280
 281
 282
 283
 284
 285
 286
 287
 288
 289
 290
 291
 292
 293
 294
 295
 296
 297
 298
 299
 300
 301
 302
 303
 304
 305
 306
 307
 308
 309
 310
 311
 312
 313
 314
 315
 316
 317
 318
 319
 320
 321
 322
 323
 324
 325
 326
 327
 328
 329
 330
 331
 332
 333
 334
 335
 336
 337
 338
 339
 340
 341
 342
 343
 344
 345
 346
 347
 348
 349
 350
 351
 352
 353
 354
 355
 356
 357
 358
 359
 360
 361
 362
 363
 364
 365
 366
 367
 368
 369
 370
 371
 372
 373
 374
 375
 376
 377
 378
 379
 380
 381
 382
 383
 384
 385
 386
 387
 388
 389
 390
 391
 392
 393
 394
 395
 396
 397
 398
 399
 400
 401
 402
 403
 404
 405
 406
 407
 408
 409
 410
 411
 412
 413
 414
 415
 416
 417
 418
 419
 420
 421
 422
 423
 424
 425
 426
 427
 428
 429
 430
 431
 432
 433
 434
 435
 436
 437
 438
 439
 440
 441
 442
 443
 444
 445
 446
 447
 448
 449
 450
 451
 452
 453
 454
 455
 456
 457
 458
 459
 460
 461
 462
 463
 464
 465
 466
 467
 468
 469
 470
 471
 472
 473
 474
 475
 476
 477
 478
 479
 480
 481
 482
 483
 484
 485
 486
 487
 488
 489
 490
 491
 492
 493
 494
 495
 496
 497
 498
 499
 500
 501
 502
 503
 504
 505
 506
 507
 508
 509
 510
 511
 512
 513
 514
 515
 516
 517
 518
 519
 520
 521
 522
 523
 524
 525
 526
 527
 528
 529
 530
 531
 532
 533
 534
 535
 536
 537
 538
 539
 540
 541
 542
 543
 544
 545
 546
 547
 548
 549
 550
 551
 552
 553
 554
 555
 556
 557
 558
 559
 560
 561
 562
 563
 564
 565
 566
 567
 568
 569
 570
 571
 572
 573
 574
 575
 576
 577
 578
 579
 580
 581
 582
 583
 584
 585
 586
 587
 588
 589
 590
 591
 592
 593
 594
 595
 596
 597
 598
 599
 600
 601
 602
 603
 604
 605
 606
 607
 608
 609
 610
 611
 612
 613
 614
 615
 616
 617
 618
 619
 620
 621
 622
 623
 624
 625
 626
 627
 628
 629
 630
 631
 632
 633
 634
 635
 636
 637
 638
 639
 640
 641
 642
 643
 644
 645
 646
 647
 648
 649
 650
 651
 652
 653
 654
 655
 656
 657
 658
 659
 660
 661
 662
 663
 664
 665
 666
 667
 668
 669
 670
 671
 672
 673
 674
 675
 676
 677
 678
 679
 680
 681
 682
 683
 684
 685
 686
 687
 688
 689
 690
 691
 692
 693
 694
 695
 696
 697
 698
 699
 700
 701
 702
 703
 704
 705
 706
 707
 708
 709
 710
 711
 712
 713
 714
 715
 716
 717
 718
 719
 720
 721
 722
 723
 724
 725
 726
 727
 728
 729
 730
 731
 732
 733
 734
 735
 736
 737
 738
 739
 740
 741
 742
 743
 744
 745
 746
 747
 748
 749
 750
 751
 752
 753
 754
 755
 756
 757
 758
 759
 760
 761
 762
 763
 764
 765
 766
 767
 768
 769
 770
 771
 772
 773
 774
 775
 776
 777
 778
 779
 780
 781
 782
 783
 784
 785
 786
 787
 788
 789
 790
 791
 792
 793
 794
 795
 796
 797
 798
 799
 800
 801
 802
 803
 804
 805
 806
 807
 808
 809
 810
 811
 812
 813
 814
 815
 816
 817
 818
 819
 820
 821
 822
 823
 824
 825
 826
 827
 828
 829
 830
 831
 832
 833
 834
 835
 836
 837
 838
 839
 840
 841
 842
 843
 844
 845
 846
 847
 848
 849
 850
 851
 852
 853
 854
 855
 856
 857
 858
 859
 860
 861
 862
 863
 864
 865
 866
 867
 868
 869
 870
 871
 872
 873
 874
 875
 876
 877
 878
 879
 880
 881
 882
 883
 884
 885
 886
 887
 888
 889
 890
 891
 892
 893
 894
 895
 896
 897
 898
 899
 900
 901
 902
 903
 904
 905
 906
 907
 908
 909
 910
 911
 912
 913
 914
 915
 916
 917
 918
 919
 920
 921
 922
 923
 924
 925
 926
 927
 928
 929
 930
 931
 932
 933
 934
 935
 936
 937
 938
 939
 940
 941
 942
 943
 944
 945
 946
 947
 948
 949
 950
 951
 952
 953
 954
 955
 956
 957
 958
 959
 960
 961
 962
 963
 964
 965
 966
 967
 968
 969
 970
 971
 972
 973
 974
 975
 976
 977
 978
 979
 980
 981
 982
 983
 984
 985
 986
 987
 988
 989
 990
 991
 992
 993
 994
 995
 996
 997
 998
 999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <meta http-equiv="Content-Type" content=
  "text/html; charset=us-ascii" />

  <title>Shared folders</title>
  <meta name="MSSmartTagsPreventParsing" content="TRUE" />
</head>
<!-- Copyright 2000 Double Precision, Inc.  See COPYING for -->
<!-- distribution information. -->

<body>
  <h1>Shared folders</h1>

  <p>This document describes how shared folders are implemented by
  Courier-IMAP, and SqWebMail.</p>

  <p>Courier-IMAP and SqWebMail actually have two different shared
  folder implementations, for two situations: A) Filesystem
  permissions-based shared folders, for systems with traditional
  shell login accounts, and mailboxes; and B) virtual shared
  folders, for closed systems that provide mail access only, with
  all mailboxes using the same system userid/groupid, and no
  end-user shell login access.</p>

  <p>This documentation is also applicable to the Courier mail
  server, which includes Courier-IMAP and SqWebMail as its
  components. There are some minor implementation differences
  between the standalone Courier-IMAP and SqWebMail packages, and
  Courier; namely the different locations of several key
  configuration files. Aside from that, both implementation are
  equivalent.</p>

  <table>
    <tbody>
      <tr>
        <th align="left" colspan="2">Table Of Contents</th>
      </tr>

      <tr>
        <td colspan="2"><a href="#newshared">Virtual shared
        folders</a></td>
      </tr>

      <tr>
        <td>&nbsp;</td>

        <td><a href="#newsharedterm">Terminology</a></td>
      </tr>

      <tr>
        <td>&nbsp;</td>

        <td><a href="#newsharedtech">Technical Overview</a></td>
      </tr>

      <tr>
        <td>&nbsp;</td>

        <td><a href="#newsharedfunc">Functional Overview</a></td>
      </tr>

      <tr>
        <td>&nbsp;</td>

        <td><a href="#combo">Combining Courier-IMAP's and SqWebMail
        index files</a></td>
      </tr>

      <tr>
        <td>&nbsp;</td>

        <td><a href="#imapacl">IMAP Access Control List and account
        groups</a></td>
      </tr>

      <tr>
        <td colspan="2">&nbsp;</td>
      </tr>

      <tr>
        <td colspan="2"><a href="#oldshared">Filesystem
        permissions-based shared folders</a></td>
      </tr>

      <tr>
        <td>&nbsp;</td>

        <td><a href="#oldsharedterm">Terminology</a></td>
      </tr>

      <tr>
        <td>&nbsp;</td>

        <td><a href="#oldsharedtech">Technical Overview</a></td>
      </tr>

      <tr>
        <td>&nbsp;</td>

        <td><a href="#oldsharedfunc">Functional Overview</a></td>
      </tr>

      <tr>
        <td>&nbsp;</td>

        <td><a href="#oldsharedaccess">Accessing shared
        folders</a></td>
      </tr>

      <tr>
        <td>&nbsp;</td>

        <td><a href="#oldsharedsub">Subscribing to a shared
        folder</a></td>
      </tr>

      <tr>
        <td>&nbsp;</td>

        <td><a href="#oldsharedunsub">Unsubscribing to a shared
        folder</a></td>
      </tr>

      <tr>
        <td>&nbsp;</td>

        <td><a href="#oldsharedopen">Opening a shared
        folder</a></td>
      </tr>
    </tbody>
  </table>

  <h1><a name="newshared" id="newshared">Virtual shared
  folders</a></h1>

  <h2><a name="newsharedterm" id=
  "newsharedterm">Terminology</a></h2>

  <p>Virtual shared folders are implemented in a completely
  different manner. In a virtual setup, all mailboxes use the same
  system userid and groupid; there is no shell login access to the
  mail server, and all access is managed by setting up access
  control lists. Each individual user may voluntarily grant access
  to a folder to another user or group of user. Access control
  lists permit fine-grained control. It is possible to specify what
  different users are permitted to do to the folder or its
  contents. Since there is no shell login access, all access to
  mail folders occurs through an IMAP connection to the server, and
  the IMAP server observes the defined access control lists on each
  folder.</p>

  <blockquote>
    <p><em>NOTE:</em></p>

    <p>The references to IMAP in this documentation equally apply
    to SqWebMail as well. This documentation file is included in
    Courier-IMAP's and SqWebMail's tarballs. When reading this
    documentation file in the SqWebMail tarball, mentally replace
    all references to IMAP with webmail. SqWebMail does not use
    IMAP, the server reads the maildirs directory; but it uses the
    same shared library as Courier-IMAP, which explains the similar
    implementation.</p>
  </blockquote>

  <p>For more information on how to set up access control lists,
  see the <a href="maildiracl">maildiracl(1)</a> manual page.</p>

  <h2><a name="newsharedtech" id="newsharedtech">Technical
  Overview</a></h2>

  <p>After logging in, the server process runs in the logged in
  account's maildir. As the INSTALL file describes in great detail,
  virtual mail accounts may be maintained via a wide variety of
  back-end databases, including MySQL, PostgresSQL, or an LDAP
  directory. If now the server needs to check the access controls
  on another account's mail folder, to determine if the user has
  access to it, the server needs to now locate where the other
  account is located.</p>

  <p>However, there are several reasons why the server cannot
  directly go back to the authentication database. The first reason
  is that after logging in the server process no longer has root
  privileges; and database configuration files normally require
  root privileges (since they may contain administrative
  passwords). Although there might be ways to hack around that, the
  second reason is the show-stopper: IMAP's design permits clients
  to enumerate all available shared mail accounts, or arbitrary
  subsets of them. And, in fact, many of them do just that; mainly
  because IMAP's design leaves no other alternative, in some
  situations.</p>

  <p>Clearly, it is not feasible to have hundreds of clients
  hammering at the database server, repeatedly downloading huge
  lists of available shared folders (which may number in tens of
  thousands, on a busy server). Therefore, the following approach
  is used.</p>

  <p>One or more flat text files are set up, which contain an index
  of all virtual mail folders. The list is, essentially, downloaded
  from the authentication database. The text file contain a subset
  of the data in the authentication database; only the minimum
  amount of fields necessary to specify the account's name, and
  where the account lives. The server process quickly reads the
  text file(s) in order to locate another account's folder, and to
  check its access control list.</p>

  <p>The system administrator will need to set up a
  regularly-scheduled process that rebuilds the shared folder
  index. Yes, that means that a new account's shared folders will
  not be accessible, by other accounts, until the shared folder
  index gets rebuilt (but the account still has immediate access to
  its own folders, after creation). The shared folder index will be
  updated in a manner that allows the update to occur live, without
  requiring any system downtime.</p>

  <p>On moderately-sized systems it might be feasible to invoke the
  shared index update script as part of the process that adds or
  removes an account; thereby the shared folder index files will
  always be kept up to date.</p>

  <p>In its most simple form, the shared index is a single file,
  called <em>SYSCONFDIR/shared/index</em>, where "SYSCONFDIR" is
  the server's configuration directory. The following table
  provides the default locations of the configuration file:</p>

  <table>
    <tbody>
      <tr>
        <td>Courier-IMAP:</td>

        <td>
        <code>/usr/lib/courier-imap/etc/shared/index</code></td>
      </tr>

      <tr>
        <td>Courier:</td>

        <td><code>/usr/lib/courier/etc/shared/index</code></td>
      </tr>

      <tr>
        <td>Courier (Red Hat/Fedora build):</td>

        <td><code>/etc/courier/shared/index</code></td>
      </tr>

      <tr>
        <td>SqWebMail (standalone build):</td>

        <td>
        <code>/usr/local/share/sqwebmail/shared/index</code></td>
      </tr>
    </tbody>
  </table>

  <blockquote>
    <p><em>NOTE:</em></p>

    <p>If the "shared" directory doesn't exist, just create it.</p>
  </blockquote>

  <p>Blank lines in this file are ignored, as well as lines that
  begin with a single "#" character, which are arbitrary comments.
  Each remaining line specifies the location of an account's
  maildir. The line contains the following fields, separated by a
  single tab character:</p>

  <ol>
    <li>name</li>

    <li>system userid</li>

    <li>system groupid</li>

    <li>virtual home directory</li>

    <li>maildir path, relative to the virtual home directory</li>
  </ol>

  <p>"name" <em>SHOULD</em> be the account's login name (which in
  some rare configurations may not actually match the IMAP login
  used by the client; this is the name that's logged to syslog when
  the account successfully logs in, which is usually the same as the
  IMAP login id). In most situations all accounts will have the
  same system userid and groupid. The server doesn't actually do
  anything with these fields at this time, but may do so in the
  future.</p>

  <p>The virtual account's home directory is taken verbatim from
  the authentication database. The maildir path field is optional.
  If missing, it defaults to "./Maildir". Combining the home
  directory, and the maildir path, results in the location where
  the specified account's maildir folders may be found.</p>

  <p>Inaccessible accounts are silently ignored. This allows the
  shared folder index to be itself shared between multiple servers
  even though that accounts themselves are not shared. Each server
  will only see the accounts it can access.</p>

  <p>As mentioned previously, IMAP clients will often want to
  obtain a complete list of shared folders. If the mail server has
  more than a a couple of hundred accounts, a single index file may
  be inefficient, and the mail accounts should be segregated into
  different groups. An account group entry in the index file looks
  like this:</p>

  <ol>
    <li>group name</li>

    <li>*</li>

    <li>filename</li>
  </ol>

  <p>When the second tab-delimited field is a single asterisk, the
  first field is taken to be a name of an account group; and
  "filename" is the name of another, separate, index file that
  lists all accounts that belong in this group. The second file
  should also be installed in <code>SYSCONFDIR/shared</code>.</p>

  <p>When it's time to use account groups,
  <code><em>SYSCONFDIR/shared/index</em></code> will usually
  contain only group entries, with the accounts themselves
  dispersed in other files in the same directory.</p>

  <p>Account names and group names use the <code>UTF-8</code>
  character set. This is not usually an issue for account names,
  which are almost always limited to the Latin character set. Group
  names may be arbitrary, though, and include non-Latin characters,
  using <code>UTF-8</code>.</p>

  <p>Courier does not allow IMAP folder names to contain the "." or
  the "/" characters. The shared index file may include those
  characters in account or group names, and they will be
  automatically replaced by spaces (which are allowed).</p>

  <p>This is not normally an issue, unless there exists two
  separate accounts or groups whose names are the same, except that
  one name contains spaces, and the other name contains the
  forbidden characters. This is obviously not something that is
  likely to occur, but if it did the end result would be that one
  of the names will have its punctuation characters replaced by
  spaces, and now two virtual folders will exist with the same
  name.</p>

  <p>If this rather unlikely scenario somehow materializes the
  solution is to enable the <code>IMAP_SHAREDMUNGENAMES</code>
  setting in Courier-IMAP's configuration file. When enabled, this
  setting replaces the "." and "/" with a two character sequence:
  "\:" and "\;". Any the existing backslashes are doubled, thus
  preserving folder name uniqueness. This is not something you'd
  want to do unless you have no other choice.</p>

  <p>The equivalent setting for SqWebMail (or Courier's webmail
  server) is the <code>SQWEBMAIL_SHAREDMUNGENAMES</code>. When
  using SqWebMail at the same time as Courier-IMAP, and if
  <code>IMAP_SHAREDMUNGENAMES</code> is set, the
  <code>SQWEBMAIL_SHAREDMUNGENAMES</code> variable must also be set
  in order for everyone to be in sync. This can be done in one of
  two different ways:</p>

  <blockquote>
    <ol>
      <li>
        <p>Set this variable before running the <code>sqwebmaild
        start</code> command:</p>
        <pre>
SQWEBMAIL_SHAREDMUNGENAMES=1
export SQWEBMAIL_SHAREDMUNGENAMES
sqwebmaild start
</pre>
      </li>

      <li>
        <p>Set this environment variable in the web server's
        configuration files. With Apache, for example:</p>
        <pre>
SetEnv SQWEGBMAIL_SHAREDMUNGENAMES 1
</pre>
      </li>
    </ol>
  </blockquote>

  <h3>Many Shared Accounts</h3>

  <p>When the number of mail accounts begins to exceed a couple of
  thousand (or even less, depending on the mail server), even
  account groups will not be enough. If a single mail server has
  tens of thousands of accounts, an individual IMAP client may
  potentially access hundreds of thousands of folders.</p>

  <p>It is a sad fact of life that there are poorly-designed IMAP
  clients that insist on searching for every accessible folder,
  every time. They will stubornly scan the entire IMAP folder
  namespace, recursively reading each folder hierarchy, to compile
  a list of available folders. Even though there may only be a few
  folders shared by their owners, the server still has to check
  whether the IMAP client has access to each folder, in order to
  compile the list of accessible folders. No mail server will like
  an IMAP client that insists on reading the access control lists
  of hundreds of thousand of folders.</p>

  <p>This problem is solved by setting the
  "<code>sharedgroup</code>" option for each account. The
  <code>INSTALL</code> file contains a more specific description of
  how to initialize account options. Normally, the shared folder
  index file is "<em>SYSCONFDIR/shared/index</em>"; however, if the
  "<code>sharedgroup</code>" option is set, the value of
  "<code>sharedgroup</code>" is appended to the shared folder index
  filename. So, if user1's account has the
  "<code>sharedgroup=12</code>" option, as far as this account is
  concerned the shared folder index file is
  "<em>SYSCONFDIR/shared/index12</em>". Note that
  <em>SYSCONFDIR/shared/index12</em> may still contain account
  group entries that point to other shared index files.</p>

  <p>This enables the ability to partition all accounts into
  smaller "universes". The list of accounts is broken up into
  individual universe. Accounts within a universe can only see
  other accounts in the same universe. Even if a given folder's
  access control lists permit global access, only accounts in the
  same universe will be able to access it.</p>

  <p>Also note that trans-universal wormholes are possible. Two, or
  more, top-level index files may list the same set of account
  groups, and those accounts will be visible from both (or more)
  universes.</p>

  <p><strong>IMPORTANT</strong>: Under no circumstances should you
  install circular wormholes (index file A lists index file B as a
  group, and index file B lists index file A as a group). The
  consequences would be disastrous for both universes.</p>

  <h2><a name="newsharedfunc" id="newsharedfunc">Functional
  Overview</a></h2>

  <p>As mentioned in the previous section, it is necessary to set
  up a regularly-scheduled system process that updates the shared
  folder index files. The procedure for doing so is site-specific.
  Individual sites will need to put together a set of custom
  scripts that create the shared folder index files in
  <em>SYSCONFDIR/shared</em>. This is likely to be a highly
  site-specific code; however Courier installs several generic
  shell scripts that can be used as a working starting point.</p>

  <p>The most important step in the process is actually the final
  step of installing new shared folder index files in
  <em>SYSCONFDIR/shared</em>. They must be installed in a way that
  can be done live, without shutting down the system, and without
  affecting any existing processes. This can be done using the
  &ldquo;sharedindexinstall&rdquo; script, which may be found in
  the <code>sbin</code> directory. To use
  <code>sharedindexinstall</code>, first create the shared index
  files in a temporary directory called
  <em>SYSCONFDIR/shared.tmp</em>, then run the script to move all
  the files in this directory to <em>SYSCONFDIR/shared</em>.</p>

  <p>So a typical script that updates shared index files will
  generally look like this (this example uses Courier-IMAP, for
  SqWebMail the directory locations will be different):</p>

  <blockquote>
    <hr />
    <pre>
#!/bin/sh
sysconfdir="/usr/lib/courier-imap/etc"  # Or /etc/courier, or whatever...
sbindir="/usr/lib/courier-imap/sbin"    # Or, wherever it actually is...

rm -rf $sysconfdir/shared.tmp
mkdir $sysconfdir/shared.tmp || exit 1

#
# A magical process creates updated shared index files right about now...
#

$sbindir/sharedindexinstall
</pre>
    <hr />
  </blockquote>

  <blockquote>
    <h4>NOTE</h4>

    <p>Existing IMAP server processes may continue to use cached
    shared folder index data for some time, after
    <code>sharedindexinstall</code>. This will not cause any
    problems.</p>
  </blockquote>

  <h3>Using <code>authenumerate</code></h3>

  <p>In most cases, systems that use a single shared index file are
  likely to need to only run the &ldquo;authenumerate&rdquo;
  program in order to build the shared folder index. As long as
  Courier's authentication modules are properly configured (and
  <code>authdaemond</code> is running) <code>authenumerate</code>
  will download the list of accounts from the configured
  authentication module, and generate a suitably-formatted list on
  standard output. So the complete shared folder index update
  script will look like this:</p>

  <blockquote>
    <hr />
    <pre>
#!/bin/sh
sysconfdir="/usr/lib/courier-imap/etc"
sbindir="/usr/lib/courier-imap/sbin"

rm -rf $sysconfdir/shared.tmp
mkdir $sysconfdir/shared.tmp || exit 1

$sbindir/authenumerate -s &gt;$sysconfdir/shared.tmp/index || exit 1

$sbindir/sharedindexinstall
</pre>
    <hr />
  </blockquote>

  <p>The functionality to enumerate accounts is new to Courier-IMAP
  3.0. When upgrading from an earlier versions, systems that are
  configured to use a custom MySQL, PostgreSQL, or LDAP queries
  will need to enter a new configuration setting in the appropriate
  configuration file. The update process will add a new variable to
  the configuration file, which must be initialized to contain the
  custom query that reads the account list accordingly. In most
  cases the query only needs to be a slight variation on the
  existing query that checks the password of a specific account
  that's requesting authentication.</p>

  <p>Systems that do not use the custom query option should not
  need to make any additional setting, as the standard query
  authentication variables contain all the information that's
  needed to obtain a complete list of accounts.</p>

  <p>If only a small proportion of your users are entitled to use
  shared mailboxes, then it helps scalability enormously if you
  restrict the shared index file to contain just those accounts.
  The <b>-s</b> flag to <code>authenumerate</code> implements this,
  by discarding all accounts which have the option
  <code>disableshared</code> set to a non-zero value. Further
  efficiency can be gained by customising your database query so
  that the database itself returns only the relevant accounts. Use
  option <code>MYSQL_ENUMERATE_CLAUSE</code>,
  <code>PGSQL_ENUMERATE_CLAUSE</code> or
  <code>LDAP_ENUMERATE_FILTER</code> as appropriate.</p>

  <p>Note also that you can set
  <code>DEFAULTOPTIONS="disableshared=1"</code> in
  <code>authdaemonrc</code> to make sharing disabled for everyone,
  and then set option <code>disableshared=0</code> only on
  permitted accounts.</p>

  <blockquote>
    <h4>NOTE</h4>

    <p><code>authenumerate</code> tries not to download the
    complete results of each query into a memory buffer, but it may
    be that this still happens due to circumstances out of its
    control (e.g. older versions of MySQL or PostgreSQL client
    libraries may force this to happen). If so, it's possible that
    <code>authenumerate</code>'s memory requirements may be large
    enough to affect the running system. In this case you will need
    to come up with an alternative mechanism to obtain the list of
    accounts, in some other way.</p>
  </blockquote>

  <blockquote>
    <h4>NOTE</h4>

    <p>The PAM library does not have a function that obtains a list
    of available accounts. Therefore, on all systems that use the
    <code>authpwd</code>, <code>authshadow</code>, or
    <code>authpam</code> modules, <code>authenumerate</code> works
    in exactly the same way: by using the <code>getpwent</code>()
    function. Systems that use certain PAM modules, such as ones
    that authenticate against a MySQL, a PostgreSQL, or an LDAP
    database, will not be able to use <code>authenumerate</code>,
    and must come up with a suitable replacement.</p>
  </blockquote>

  <h3>Using <code>sharedindexsplit</code></h3>

  <p>As mentioned in the <a href="#newsharedtech">technical
  overview</a>, a single index file may not be feasible if the
  number of accounts is more than a thousand, or so. At that point
  it becomes necessary to split the shared folder index into
  multiple files.</p>

  <p>The <code>sharedindexsplit</code> script reads a list of all
  accounts, formatted as a single shared folder index (which,
  incidentally, matches <code>authenumerate</code>'s output format
  as well) and splits it into multiple files. The first argument to
  <code>sharedindexsplit</code> is the name of the directory where
  the output files are going to be created. The directory must be
  empty.</p>

  <p><code>sharedindexsplit</code> splits the index into multiple
  files, based on either the 'sharedgroup' account option, or the
  first character or characters of the account's name. Use the
  optional second argument to <code>sharedindexsplit</code> to
  specify a number, if splitting the account list based on initial
  characters is desired. If splitting based on the 'sharedgroup'
  account option then use the <code>-o</code> flag to
  <code>authenumerate</code> to get it to include the account
  options in its output.</p>

  <p>Perl 5.8.0, or greater, must be installed if account names
  include non-Latin characters. For best results, the shared folder
  index input to <code>sharedindexsplit</code> should already be
  sorted, but it doesn't have to be.</p>

  <p>Therefore, the following scripts should produce good results
  on a system with a large, but a moderate number of accounts.
  Split on 'sharedgroup' if you have a number of separate
  'universes' where sharing is only permitted within each universe;
  otherwise split on the account name if all users can potentially
  access all shared mailboxes.</p>

  <blockquote>
    <hr />
    <pre>
#!/bin/sh
sysconfdir="/usr/lib/courier-imap/etc"
sbindir="/usr/lib/courier-imap/sbin"

rm -rf $sysconfdir/shared.tmp
mkdir $sysconfdir/shared.tmp || exit 1

# split on the 'sharedgroup' option
$sbindir/authenumerate -s -o &gt;$sysconfdir/shared.tmp/.tmplist || exit 1
$sbindir/sharedindexsplit $sysconfdir/shared.tmp &lt;$sysconfdir/shared.tmp/.tmplist  || exit 1
rm -f $sysconfdir/shared.tmp/.tmplist
$sbindir/sharedindexinstall
</pre>
    <hr />
    <pre>
#!/bin/sh
sysconfdir="/usr/lib/courier-imap/etc"
sbindir="/usr/lib/courier-imap/sbin"

rm -rf $sysconfdir/shared.tmp
mkdir $sysconfdir/shared.tmp || exit 1

# split on the first 1 character of the username
$sbindir/authenumerate -s &gt;$sysconfdir/shared.tmp/.tmplist || exit 1
$sbindir/sharedindexsplit $sysconfdir/shared.tmp 1 &lt;$sysconfdir/shared.tmp/.tmplist  || exit 1
rm -f $sysconfdir/shared.tmp/.tmplist
$sbindir/sharedindexinstall
</pre>
    <hr />
  </blockquote>

  <p><code>authenumerate</code> is saved to a temporary file,
  instead of being piped directly, is so that its exit code can be
  checked. We want to abort the entire process if
  <code>authenumerate</code> terminates with a non-zero exit code.
  If <code>authenumerate</code> pipes its output directly to
  <code>sharedindexsplit</code>, and aborts with an error, then
  <code>sharedindexsplit</code> will read an empty shared folder
  index, consequently the output directory will be empty, and then
  <code>sharedindexinstall</code> will obligingly install an empty
  list of shared folders.</p>

  <p>As mentioned previously, at some point
  <code>authenumerate</code>'s memory requirements may become too
  much to handle, and an alternative mechanism will need to be
  improvised. <code>sharedindexsplit</code>'s memory requirements
  are not dependent on the number of accounts, so this script can
  still be used even with very many accounts.</p>

  <p>When it's time to use account groups,
  <em>SYSCONFDIR/shared/index</em> will usually contain only group
  entries, with the accounts themselves dispersed in other files in
  the same directory.</p>

  <h2><a name="combo" id="combo">Combining Courier-IMAP's and
  SqWebMail index files</a></h2>

  <p>The information in this section is applicable only when
  running both Courier-IMAP and SqWebMail packages. This is not
  applicable when running Courier, which includes both the IMAP
  server and the webmail server. In the Courier build, both servers
  are set up to use the same shared index file.</p>

  <p>But, if both standalone builds are installed, Courier-IMAP
  will want to use
  <code>/usr/lib/courier-imap/etc/shared/index</code> as its shared
  index file, while SqWebMail will read
  <code>/usr/local/share/sqwebmail/shared/index</code>.</p>

  <p>To make both servers use the same shared folder index, create
  a soft link:</p>
  <pre>
ln -s /usr/lib/courier-imap/etc/shared /usr/local/share/sqwebmail/shared
</pre>

  <p>It's important to create a soft link to the entire "shared"
  directory, otherwise index group files will not work.</p>

  <h2><a name="imapacl" id="imapacl">IMAP Access Control List and
  account groups</a></h2>

  <p>Even after setting up shared folders indexes correctly, the
  mail client will show an empty list of shared folders. This is
  because even though each account's folders may be shared, they
  will not be visible to other accounts until the mail account's
  owner explicitly grants public access to a folder. This can be
  done using an IMAP mail client that understands access control
  lists, using Courier's SqWebMail, or the <tt>maildiracl</tt>
  command. The <tt>maildiracl</tt> manual page includes an overview
  of access control lists and how to control who gets what kind of
  rights on a folder. See the <tt>maildiracl</tt> manual page for
  more information.</p>

  <h1><a name="oldshared" id="oldshared">Filesystem
  permissions-based shared folders</a></h1>

  <h2><a name="oldsharedterm" id=
  "oldsharedterm">Terminology</a></h2>

  <ul>
    <li>Sharable Maildir - a maildir that contains folders that can
    be shared.</li>

    <li>Sharable folder - one or more folders in a sharable Maildir
    that can be shared.</li>
  </ul>

  <h2><a name="oldsharedtech" id="oldsharedtech">Technical
  Overview</a></h2>

  <ul>
    <li>They are a somewhat logical extension of the base Maildir
    format.</li>

    <li>Older versions of Courier-IMAP and SqWebMail will
    completely ignore shared folders.</li>

    <li>Messages in shared folders do not count towards any
    individual maildir quotas (see <tt><a href=
    "README.maildirquota.html">README.maildirquota.html</a></tt>).</li>

    <li>Shared folders are implemented as additional, Maildir-based
    folders. The messages will be soft links to the messages in the
    sharable folder. Soft links will be used instead of hard links
    in order to be able to have a folder containing large messages,
    and then be able to reclaim space immediately when the messages
    are purged, instead of waiting for everyone to sync up and
    delete their hard link. The flip side is that you can expect
    the usual sorts of errors and increased confusion if someone
    attempts to read a message that has just been removed, but
    their client (Courier-IMAP or SqWebMail) doesn't know that yet.
    That's unavoidable. You'll probably have to set some kind of a
    policy in order to keep the expected insanity to a
    minimum.</li>

    <li>Sharable folders are subscribed to by creating a separate
    maildir-type directory within the main Maildir. It's created in
    a separate subdirectory that is ignored by other Maildir
    clients.</li>

    <li>The new directory will contains soft links to the messages
    in the sharable folder. "Synchronization" code will be used to
    synchronize the contents of the sharable folder, and the copy
    of it in the regular Maildir. Once links to the messages are
    created, they can be manipulated like regular messages in a
    Maildir. This procedure will be transparently performed by
    Courier-IMAP or SqWebMail behind the scenes.</li>

    <li>Access to shared folders is controlled by a combination of
    an explicit configuration, plus regular filesystem permissions.
    If account owners have shell access to the server, they can
    create shared folders, and link their mailbox to other
    accounts' shared folders. Then, the actual access is controlled
    by regular filesystem permissions. The owner of the shared
    folder will use the regular filesystem permission to give read
    and/or write access to either everyone else, or everyone else
    who uses the same system group ID. Read access allows people to
    read messages from a shared folder. Write access allows people
    to add and delete messages in the shared. The owner of the
    shared folder can remove any message, everyone else will be
    able to remove only their own messages.</li>
  </ul>

  <h2><a name="oldsharedfunc" id="oldsharedfunc">Functional
  Overview</a></h2>

  <p>Generally speaking, shared folders are configured using a
  feature-enhanced <tt>maildirmake</tt> command as follows:</p>

  <ul>
    <li><tt>make install</tt> will install a <tt>maildirmake</tt>
    command that has a bunch of funny options. The modified
    <tt>maildirmake</tt> command is installed into Courier-IMAP's
    or SqWebMail's installation directory.</li>

    <li>Somebody, maybe you, will use some of these options to
    create a maildir with modified permissions. The same somebody
    will run <tt>maildirmake</tt> again, with a few other options,
    to create folders in that maildir, also with modified
    permissions. Those permissions allows global read (and
    optionally write) access to those folders.</li>

    <li>Do NOT use this maildir as the primary mailbox, INBOX, for
    an account. Instead, you must create this maildir separately,
    perhaps as $HOME/Maildir-shared, then set it up as one of your
    sharable maildirs (see below), and access it in shared mode.
    Because you own it, you have unlimited read/write access to it.
    The previously mentioned options will select whether or not
    access permissions are given to everyone else, and they do not
    apply to you.</li>

    <li>Everyone else will run <tt>maildirmake</tt> with even more
    funny options. Those options install a link from their own
    maildir to a maildir that contains sharable folders. A given
    maildir may contain links to more than one sharable maildir. As
    long as their system user/group permissions allow them to
    access messages, they can SUBSCRIBE via their IMAP client to
    the folder, or use the SUBSCRIBE function in SqWebmail.</li>

    <li>If people do not have shell access, the system
    administrator will have to run <tt>maildirmake</tt> on their
    behalf, in order to create the links to the sharable
    maildirs.</li>

    <li>People with write access can add messages to a sharable
    folder. Messages from a sharable folder can be removed only by
    the owner of the shared folder, or by the owner of each
    message.</li>

    <li>This sharable maildir implementation cannot use maildir
    soft-quotas. There cannot be a soft-quota installed in a
    sharable maildir. If you need quota support, you will have to
    use filesystem-based quotas. There are some sticky issues with
    updating quotas on a sharable maildir.</li>
  </ul>

  <p>Also, note that anyone, not just the superuser, can create a
  sharable maildir in their account, and invite anyone else to
  access it, as long as their system user/group permissions allow
  them access.</p>

  <p>To summarize:</p>

  <ul>
    <li>Use the -S option to <tt>maildirmake</tt> to create a
    maildir that can contain sharable folders.</li>

    <li>Use the -s and -f options to <tt>maildirmake</tt> to create
    sharable folders. The same sharable maildir may contain
    multiple sharable folders with different access permissions, as
    selected by the -s option.</li>

    <li>Use the <tt>--add</tt> option to install a link from a
    regular maildir to a sharable maildir. Afterwards, IMAP clients
    will be able to subscribe to folders in the sharable
    maildir.</li>

    <li>Use the <tt>--del</tt> option to remove a link.</li>
  </ul>

  <p>For more information on these options, see the
  <tt>maildirmake</tt> manual page that will be installed.</p>

  <h3>More on additional options for the <tt>maildirmake</tt>
  command</h3>The '-S' option to <tt>maildirmake</tt> to create a
  maildir that will contain shared folders. The -S option gives
  group and world read permissions on the maildir itself (where
  group/world permissions are normally not set for a regular
  maildir). This allows access to any folders in the shared
  maildir, and that's why you should not use this Maildir directly
  as your primary mailbox.

  <p>The "new" and "cur" subdirectories will not be used or shared,
  although they will still be created. Both SqWebMail and
  Courier-IMAP create their auxiliary files in the main Maildir
  with the group and world permissions turned off, so this maildir
  can, theoretically, still be used as the primary INBOX, but I
  don't recommend that.</p>

  <p>The -S option is not limited to the system administrator. In
  fact, anyone can use the -S option, to create shared maildirs
  that they maintain.</p>

  <p>Shared folders are created like any other folder, using the
  <tt>-f</tt> option to <tt>maildirmake</tt>. However, that
  normally creates a folder that is not sharable, because it will
  not have any group or world permissions. Therefore,
  <tt>maildirmake</tt> will take the following options to create a
  sharable folder:</p>

  <ul>
    <li><tt>-s read</tt> will create a "moderated" folder. The
    folder will have group and world read permissions, letting
    anyone read messages, but only the owner of the sharable
    Maildir can add messages to the sharable folder.</li>

    <li><tt>-s write</tt> will create an "unmoderated" folder. The
    folder will have group and world read/write permissions,
    letting anyone read and add messages to the folder. The folder
    will be created with the sticky bit set, like the <tt>/tmp</tt>
    directory, preventing people from removing someone else's
    messages.</li>

    <li><tt>-s read,group/-s write,group</tt> append a comma and
    the word "group" to modify the semantics of moderated and
    unmoderated folders only on the group level, not the group and
    world level, as far as permissions go. This restricts sharing
    the folder only to members of the same system group as the
    owner of the sharable maildir.</li>
  </ul>

  <p>It's worth noting that it is perfectly permissible for folders
  in the same sharable maildir to have different access levels.</p>

  <p>Also, this is driven entirely by filesystem permissions, so
  theoretically it's possible to create a folder that has write
  permissions for the group, and read permissions for everyone
  else. However, I'm too lazy to actually do it. Feel free to patch
  <tt>maildirmake</tt> to add this functionality, then send me the
  patch.</p>

  <h2><a name="oldsharedaccess" id="oldsharedaccess">Accessing
  shared folders</a></h2>

  <p>The rest of the document consists of technical implementation
  notes.</p>

  <p>Accessing a collection of shared folders is implemented by a
  new file that is installed in the primary maildir (usually
  $HOME/Maildir), and a new subdirectory hierarchy underneath the
  primary maildir, which are hereby declared.</p>

  <h3><tt>shared-maildirs</tt></h3>

  <p>This file must be created by the administrator or by the
  maildir owner, manually. This file lists all available sharable
  maildirs that this maildir can access in shared mode (confused
  yet?). This file contains one or more lines of the following
  format:</p>

  <p><tt>name /path/to/shared/maildir</tt></p>

  <p>"<em>name</em>" is an arbitrary name that's given to this
  collection of shared folders. The name may not contain slashes,
  periods, or spaces. This is followed by a pathname to the maildir
  containing shared folders. Note that this is NOT the sharable
  folder itself, but the maildir that contains one or more sharable
  folders. The maildir client will be able to selectively subscribe
  to any sharable folder in that maildir.</p>

  <h3><tt>shared-folders</tt></h3>

  <p>This subdirectory forms the root of all the shared folders
  that are subscribed to. Let's say that <tt>shared-maildirs</tt>
  has the following contents:</p>

  <p><tt>firmwide /home/bigcheese/Maildir-shared</tt> <tt>tech
  /home/gearhead/Maildir-shared</tt></p>

  <p>Subscribing to folders 'golf' and 'boat' in bigcheese's shared
  Maildir, and to the folder 'maintenance' in gearhead's shared
  Maildir involves creating the following subdirectories:
  <tt>shared-folders/firmwide/.golf</tt>,
  <tt>shared-folders/firmwide/.boat</tt>, and
  <tt>shared-folders/tech/.maintenance</tt>.</p>

  <h3><tt>shared</tt></h3>This is a soft link that's automatically
  created in <tt>shared-folders/<em>name</em></tt>. It is a soft
  link that points to the sharable maildir, which contains the
  sharable folders.

  <h2><a name="oldsharedsub" id="oldsharedsub">Subscribing to a
  shared folder</a></h2>

  <ul>
    <li>Read <tt>shared-maildirs</tt>.</li>

    <li>Read the <tt>shared-folders</tt> hierarchy to determine
    which folders are already subscribed to.</li>

    <li>Read the folders in each maildir listed in
    <tt>shared-folders</tt>, and ignore the ones that are already
    subscribed to. Make sure to stat() each folder to make sure
    that you can read it.</li>

    <li>If necessary, create <tt>shared-folders/<em>name</em></tt>,
    and create the <tt>shared-folders/<em>name</em>/shared</tt>
    soft link.</li>

    <li>Create <tt>shared-folders/name/.foldername</tt>, then
    create the standard <tt>tmp</tt>, <tt>new</tt>, and
    <tt>cur</tt> subdirectories. All the directories are created
    without any group or world permissions.</li>
  </ul>

  <h2><a name="oldsharedunsub" id=
  "oldsharedunsub">Unsubscribing</a></h2>

  <ul>
    <li>Delete everything in
    <tt>shared-folders/name/<em>foldername</em></tt>.</li>

    <li>If this is there are no more subscribed folders in this
    sharable maildir, delete <tt>shared-folders/name</tt> for good
    measure as well.</li>
  </ul>

  <h2><a name="oldsharedopen" id="oldsharedopen">Opening a shared
  folder</a></h2>

  <p>The process of "opening" a shared folder involves basically
  "syncing" the contents of
  <tt>shared-folders/name/.foldername</tt> with the contents of the
  sharable folder in the original sharable maildir.</p>

  <ul>
    <li>Do the usual processing on the <tt>tmp
    subdirectory</tt>.</li>

    <li>Read the contents of
    <tt>shared-folders/name/<em>foldername</em>/shared/new</tt>. If
    you find <em>anything</em> in there, rename it to
    <tt>../cur</tt>, ignoring any errors from the rename. The
    sharable maildir owner can arrange for mail to be delivered
    directly to this folder, and the first one to open it will put
    the message into <tt>cur</tt>.</li>

    <li>Read the contents of
    <tt>shared-folder/name/<em>foldername</em>/shared/cur</tt>.
    Call this directory "A", for short.</li>

    <li>Read the contents of
    <tt>shared-folder/name/<em>foldername</em>/cur</tt>. Call this
    directory "B", for short.</li>

    <li><tt>stat()</tt> A and B to see if they live on different
    devices.</li>

    <li>Remove all messages in B that do not exist in A. You want
    to compare the filenames up to the : character.</li>

    <li>Create soft links from messages that exist in A and do not
    exist in B. The name in B should not have any flags after the
    :, so it shows up as a new message.</li>

    <li>You can now do whatever you normally do with a maildir.
    Note that <tt>new</tt> is completely ignored, though. Moving
    messages IN and OUT of the shared folder involves copying the
    message as if it were a new message. Copying the message INTO
    the shared folder means copying the message into the underlying
    sharable folder's tmp/cur directory, and it will show up after
    the next sync.</li>
  </ul>
</body>
</html>