💾 Archived View for bbs.geminispace.org › s › misfin › 1800 captured on 2023-07-10 at 14:02:46. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
As I'm working on my Misfin implementation, I'm also working up some ideas for how to best make a multi-user and possibly remote setup work, with respect to users being able to read their own mail (and only their own mail). I'm going to describe some half-formed thoughts I've been kicking around and see if anyone has any thoughts on the subject. This is all going to be pretty much outside the spec, as I'm thinking in terms of storage and access to it. Note that this is all in the context of some form of Unix host, and the ideas won't work for e.g. Windows.
My basic plan is to have domains, users, and mail folders laid out in the filesystem on disk something like this:
```
mailstore
mailstore/mail.gmi.org
mailstore/mail.gmi.org/jane
mailstore/mail.gmi.org/jane/Lists
mailstore/mail.gmi.org/jane/Lists/891249.gmi
mailstore/mail.gmi.org/jane/Lists/476324.gmi
mailstore/mail.gmi.org/jane/blurb
mailstore/mail.gmi.org/jane/fingerprint
mailstore/mail.gmi.org/jane/Inbox
mailstore/mail.gmi.org/jane/Inbox/867017.gmi
mailstore/mail.gmi.org/jane/Inbox/488571.gmi
```
Here the server is servicing the domain `mail.gmi.org` with a user `jane`, and the blurb file contains her full name (or whatever name she wishes to present on outgoing mail) and the fingerprint file contains, of course, the fingerprint of her client certificate.
As for access I'm thinking of leveraging Unix permissions, but I don't want any part of the service running with elevated privilege. That means that all of the mailstore will be owned by the user which the server runs as. But each user on the server would get a corresponding group, in Jane's case this would be 'jane.mail.gmi.org', and the mail server user would be a member of this group, with the folder for her account set to allow rw permissions for the owner and for that group, and no access allowed for anyone else.
At this point, there are a couple of options for allowing Jane to get her mail. One is with ssh access, which is pretty easy to set up. We create a user whose primary group is 'jane.mail.gmi.org', and set that user's home directory to the mail folder, and set up ssh to allow her to log in and see only those files. She (or a client) can also fetch them using scp or preferably rsync.
This is the part where I think it can get interesting. If a `git-daemon` process is also configured and running then Jane's mailbox could also be placed in version control and managed via git. In this scenario, the git-daemon process would likely run as the same uid as the Misfin mail server. I like this idea, because you could just clone your mailbox onto each computer you want to access your Misfin mail from and `git rm <some-path>; git commit; git push;` to delete a message, while being able to roll back your mailbox to an earlier state if you think you made a mistake.
The only drawback I see is that a busy server would have a lot of users and groups set up just for Misfin, but supposing the box was set up as a Tilde type of server already this would already be the case and thus not a problem. Also in this case, if the user had an account on the machine already, then there could just be a symlink from ~/Mail to the actual place on the filesystem where their mailbox resides.
Thoughts?
2023-06-10 · 4 weeks ago
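Added example, not code from the thread or from any Misfin implementation: a shell audit of the mailstore layout and permission scheme described in the post above. It assumes a Linux host, where a new file takes the creating process's group unless its folder has the setgid bit, so it also checks for setgid; the function name and finding labels are made up here.

```sh
#!/bin/sh
# Added example (not from the thread): audit <root>/<domain>/<user>/ trees.
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_mailstore() {
    root=$1
    findings=$(
        for acct in "$root"/*/*/; do
            [ -d "$acct" ] || continue
            acct=${acct%/}
            # Numeric gid of the account directory (4th field of ls -ldn).
            gid=$(ls -ldn "$acct" | awk '{print $4}')
            # Any "other" bit on a folder or message exposes it to every
            # local account outside the per-user group.
            find "$acct" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
                -exec printf 'OTHER-ACCESS %s\n' {} \;
            # The per-user group needs rw (read mail, delete or push changes).
            find "$acct" ! -type l ! -perm -060 \
                -exec printf 'GROUP-NOT-RW %s\n' {} \;
            # Assumption: without setgid on each folder, files the server
            # creates get the server's primary group, not the account group.
            find "$acct" -type d ! -perm -2000 \
                -exec printf 'NO-SETGID %s\n' {} \;
            # Anything already carrying a different group than the account.
            find "$acct" ! -type l ! -group "$gid" \
                -exec printf 'WRONG-GROUP %s\n' {} \;
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `audit_mailstore /path/to/mailstore` from cron or after provisioning an account; a clean tree has folders at mode 2770 and messages at 0660.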
My plan would be to create a Gemini front-end with which people can read and write mail only if they have the correct client certificate. I like your ideas as well, though, although I don’t know enough to understand whether the git idea is fully secure.
Allowing ssh (and therefore scp/rsync) is definitely something I would do in addition to a Gemini frontend.
I use the first person because I do plan on implementing a version of this at some point.
2023-06-11 · 4 weeks ago
Since what I'm writing is a library at the moment it could actually be used in the way you describe, too. In fact I'm planning on putting the filesystem storage backend behind a feature gate at some point, so that you don't pay for what you don't use.
The idea of a Gemini/Titan frontend is obviously something that would have a lot of appeal. I would love to see this happen both for people who would rather access it through a browser and for those who prefer a command line interface, so I'm glad to hear that you want to work on the former.
As an addition to what I've described above, I'm thinking that a user could upload their outgoing mail to an "Outbox" folder. The server would keep a watch on it and periodically send anything it finds in there. That makes for a nice simple mechanism for sending mail, if you don't own the server or are physically in a different location.
I also support a front end and command line interface. I mostly interact with Gemini from my phone so this would be ideal.
2023-06-29 · 11 days ago