How to prevent folder deletion (by owner) and/or prevent messages being deleted when a folder is deleted
2012-01-10 12:05:53 GMT
I appreciate this has been discussed before but I don’t believe there was a solution given which met my needs so I thought I’d run this by the list.
I would like to prevent the owner of a mailbox deleting it, the reason being that if this is done accidently or maliciously the child messages are removed from the dbmail database and not recoverably without a major effort involving recovery from backups. Normally of course if someone accidently (or maliciously) deletes a message and even purges it the message remains in the database until dbmail-util is run with the correct flags. Unfortunately it is quite frequent for there to be a delay between a user deleting folder and this being brought to anyone’s attention. I’m sure everyone can imagine the user/admin conversations which have arisen as a result of user “finger trouble” etc.
Changing the permission flag in dbmail_mailboxes to 1 (from 2) has been suggested. This prevents a user deleting the mailbox but also prevents all changes to messages in the mailbox (or adding messages to it) which is too restrictive.
Using ACL permissions has also been suggested but this doesn’t help because the owner always has delete permission on their own mailbox. I suppose I could set up a system where all mailboxes are shared and people are not the owner of their “own” mailboxes but this seems like a lot of trouble given we have several thousand mailboxes.
I considered changing the permissions on the dbmail_mailboxes table for the dbmail user to prevent deletion but then realised that using MySQL I would have to remove all the dbmail uers permissions (which are currently “grant all” on the dbmail database) and set permissions one at a time for each table, doable and I expect this is the approach I should take, but I’d be concerned about such a level of interference on a production system.
So, would the best “quick fix” for me be to remove the foreign key constraints to prevent the deletion of a mailbox having the knock-on effect (i.e. of deleting all the contained messages from the folder from the database) which I’m trying to avoid? If so, should I just remove the dbmail_messages_ibfk_2 on dbmail_messages (cascade constraint on dbmail_mailboxes mailbox_idnr/mailbox_idnr). If I make this change does anyone know of any possible unforeseen consequences? The only one I can envisage is a situation where a mailbox is deleted and then another created (which I imagine could potentially have the same mailbox_idnr).
Clearly I’d prefer a dbmail “flag” or folder permission setting which achieves the same goal and if that exists I trust someone will let me know.
_______________________________________________ DBmail mailing list DBmail <at> dbmail.org http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail