Re: ACLs and such

[Hans Wilmer]

On Wed, Feb 05, 2003 at 07:47:45PM -0500, Rob Siemborski wrote:

 So, Offhand, I think the rest of your mail is to special purpose for
 general use, but I'll address this part of it, since its been brought up
 before.

At least the ability to automatically spread folders across several
partitions depending on their names can contribute to performance.

 Part of the design of cyrus includes the assumption that it's a bigger
 helpdesk headache when users blow away their own acls (and lose access)
 than it is if they are actually held bound to them.  Therefore, within a
 user's mailbox hierarchy, you cannot remove full rights for that user.

This is a very good point, though it took me some time to understand
it. I didn't realize that I cannot remove the 'a' flag from ACLs of
user.* mailboxes for their owners.

But I can still achieve what I want by creating an 'archives'
hierarchy outside the 'user' hierarchy. With permissions set
correctly, it's at least even more clear to the users what the
archives-stuff is about.

BTW, which IMAP clients or other programs are out there that allow
users to easily edit their ACLs? A webclient to just set ACLs would
also be ok. It would be *very* nice if I could tell our users to set
the permissions they want on their mailfolders all on their own :)

 There are various arguments against this, and I think the final
 decision was that we look at an implicit rights patch, whereby
 admins could specify what rights their users had on their
 mailboxes implicitly (and I seem to remember Ken even made one), but
 I can't locate it right now.  Ken?

So this provides control over what rights are inherited? Sounds good :)


GH

Re: Anyone using Linux LVM with cyrus?

[Hans Wilmer]

On Thu, Feb 06, 2003 at 08:42:00AM +0100, Simon Matter wrote:

 - Hardware IDE Raid: Most so called hardware RAID are simply software
 RAID, because the driver from the vendor does software RAID. Those
 driver are often binary only and they do RAID worse than the Linux MD
 driver does it. Until you want to go with true hardware RAID like 3ware,
 stay away from it.

Ja, I will. For one thing, it's not an option to rely on drivers
supplied by the vendor, as you might suddenly get stuck without any
driver at all as soon as a kernel update or something like that is
neccessary. Well, 3ware seems to be what most ppl recommend.

For another thing, I'm very reluctant with trusting any IDE hardware
RAID. Before building on it, I definitely want to see that it actually
works.

 - I've been using LVM on top of software RAID0,1,5. I've been told that
 the RAID function built in in LVM is not as good as Linux MD, YMMV.

hm

This sounds a bit overdone to me, but if it's better to use both
tools, why not :)

 - XFS on top of LVM/MD is very cool because you can grow volumes and
 filesystems on the fully operating server. In fact, growing XFS can only
 be done online.

XFS is a nice FS, but once I tried it and managed to damage some
data. It was probably my own fault, but I'm still a bit, hm, afraid of
using it. Otoh, I'd prefer XFS over reiserfs --- I don't like reiserfs
for no relevant reason, just a personal dislike.

 Unfortunately there were some issues with snapshotting with XFS.

Snapshotting? What's that?

 - ext3 on top of LVM/MD works well too. Snapshotting works well. Growing
 filesystems have to be done offline. There are tools to grow online, but
 this is dangerous.

Growing could be done offline, but I doubt that it'll ever be
needed.

The server may end up with about 15 million files on a 100 or 120 GB
partition at the time it is running out of disk space. My intention
was to use ext3 on that partition, but considering the large number of
files, I begin to doubt that ext3 is a good choice.

What do you guys think?


GH

informing users about quotas

[Hans Wilmer]

Hi,

how can users securely be informed about their quota usage?

It seems to be left to the clients to ignore or to not ignore the
warnings from cyrus. Unfortunately, the mozilla client ignores the
warnings, and incoming mail would be silently rejected once the user
is over quota.

Is there a tool (for cyrus 1.5.x as comes with Debian Woody) that
could be run by cron to send the users who are about to reach their
quota limit a warning message?


GH

ACLs and such

[Hans Wilmer]

Hi,

can I set quotas and ACLs for a user named 'test' like the
following ...


cm user.test
cm user.test.archives otherpartition

sq user.test 100
sq user.test.archives 1000

sam user.test.archives test lrswipca


... and nevertheless allow user 'test' to delete mails and folders
residing under user.test.archives by default?

The point is that the user must not be able to delete his 'archives'
folder, but he must be able to freely operate on anything that resides
within that folder.

The purpose of this is to force users to automatically and
transparently move old mail to another partition that physically
resides on cheap IDE disks, but to have all mail that's accessed more
frequently stored on fast SCSI disks. This would allow to run the
server without relevant storage limitations while keeping up excellent
performance at relatively low costs.

Another approach would be an option to specify by regular expressions
that folders with certain names (like 'archive.*') are always created
on certain partitions. A more sophisticated implementation of that
would additionally allow to specify certain levels of how deeply
folders are nested in the hierarchy to decide on what partition the
folder is physically stored. Just like that in /etc/imapd.conf:


defaultpartition: default
partition-default: /var/spool/cyrus/mail

partition-newpart: /data-1/newpart
foldername-newpart: *archive.*

partition-nesting: /data-2/nesting
nestlevel-nesting: 5


Thereby, user.test would reside on /var/spool/cyrus/mail,
user.test.archive would go to /data-1/newpart, and anything nested
deeper than five folders is put to /data-2/nesting.

Maybe even a combination of nameing and nesting would be nice, though
I currently can't see its practical use.

Hm, this could be especially interesting in environments that handle
larger numbers of users:


partition-usera: /data/usera
foldername-usera: user.a*

partition-userb: /data/userb
foldername-userb: user.b*
# ... and so on


Further extend this to use some other storage method than direct
file-system access, like networked access to another server ... At
least, allow to store mails redundantly on a number of partitions for
backup purposes or for keeping a cluster of servers in sync :)


GH

Re: creating user-mailboxes without cyradm

[Hans Wilmer]

On Mon, Jan 27, 2003 at 12:28:56PM -0500, Ken Murchison wrote:

  is there a way to create INBOXes for users by IMAP-commands
 
 Sure, read RFC 2060.  You'd do tag CREATE user/username

How is this dealt with in respect to security and reliability?

Just write a script that logs in and automatically creates mailboxes
from randomly generated (user-) names until the storage is
full. That's sort of making DOS attacks utterly easy.


GH

Re: creating user-mailboxes without cyradm

[Hans Wilmer]

On Wed, Feb 05, 2003 at 02:13:55PM -0500, Rob Siemborski wrote:

  How is this dealt with in respect to security and reliability?
 
 Only admins can do this for any username, there is a config option that
 allows authenticated users to do this for their own mailbox, but no
 others.

Ah! THX, I've tried it now and found it working as it should :)

  full. That's sort of making DOS attacks utterly easy.
 
 If your admins are trying to DOS you, you've got bigger problems.

Well, I'm always using the latest lart from cvs, in a prophylactic
manner ;)


GH

Re: Anyone using Linux LVM with cyrus?

[Hans Wilmer]

On Wed, Feb 05, 2003 at 04:36:03PM -0400, Patrick Boutilier wrote:

 We are using LVM to give the ability to add disk space and expand our 
 reiserfs when necessary.

Is it possible to add disc space with ext3fs and LVM, too?

 We are using LVM on top of hardware RAID 5 so as long as 2 disks don't 
 fail at once we should be OK.

Hm, sounds nice :)

To be more specific, what I've in mind is a setup like that, for
60--100 users:


+  18 or 36 GB SCSI: system itselfe and about 20--25 GB /var for
   incoming/outgoing mail (incl. virus scanning) and the more actively
   used part of the cyrus mail store, quota of about 100 MB/user or
   10 GB shared by the user.* hierarchy on it

+  120 GB IDE to keep another cyrus mail store partition (archive)
   Users should move older mail from the default partition to
   the archive. Some shared folders will probably reside on the IDE
   discs, too. The archives will provide a quota of 1 GB/user.


Two identical 120 GB IDE discs should be used to keep and mirror the
archive. The SCSI disc should be mirrored also (at least the /var
partition), though I'm not sure yet whether it's better to use a
second SCSI disc for that or if it's a good idea to divide the IDEs
into partitions of 100 GB and 20 GB each, so that the SCSI disc can be
mirrored to the 20 GB partitions on the IDEs.

Daily backups will probably be done to another 120 GB IDE disc. I'll
use ext3fs for all partitions --- reiserfs or even xfs may have
advantages, but I like ext3 more, and the expected number of files
that have to be handled should be still ok for ext3.

Is this a reasonable setup, and can it reliably be done with LVM? Or
is it better to use raidtools2 for it?

Or would you suggest to use hardware IDE RAID instead, maybe by
forgoing SCSI?

Any suggestions are appreciated --- I don't know how flexible LVM can
make things, so a totally different setup might be even better.


GH