[Kde-kiosk] kmail

[Segedunum]

On Sunday Sun, 27 Jun 2004 11:46:20, Ask Holme wrote:
> Yes, and thats the reason i said the solution would be an action
> restriction. (i will not comment nor apology for what else i said).

For security reasons it can't be an action restriction. This would be rather 
like taking away the option to run the Control Panel or the command prompt in 
Windows 9x. You physically still have access to these mails, and this can 
come back and bite you.

> POP3: the users can fetch it themself (imap doesn't apply who
> don't have the mail in that case). However then the permissions based
> approach becomes impossible because the user would require write access
> to the dirs containing mail when fetching mail from the pop3 server,
> however giving write access to the dir is the same as giving permission
> to delete files.

POP3 is not a realistic option because of this.

> Local MTA:

Procmail should be able to deliver mail to users on the server in this manner, 
but I don't know how.

> A kde action restriction on delete, combined with a correct URL
> restriction on konqueror (i'm asuming no shell access is set). would
> make it pretty hard to delete any mails at all.

The problem is that users still have access to the files. This is like trying 
to lock down Windows 9x (or any version of Windows) or trying to jump on 
every single mole hill in a field. It just isn't a secure enough and it will 
come back and bite you as there is always a way around it. Permissions at the 
source, perhaps in combination with action restrictions, is the way to go 
here.

David