[Dovecot] v1.2.beta1 released

Sascha Wilde wilde at intevation.de
Thu Feb 12 14:10:16 EET 2009 

Timo Sirainen <tss at iki.fi> writes:
> On Wed, 2009-02-11 at 11:00 +0100, Sascha Wilde wrote:
>> Could we by any chance get the latest small changes/enhancements:
>> - 'c' and 'd' in setacl
>
> Yes, this will definitely be included.

This is very good news.

>> - Displaying the actual user name instead of meta name "owner" on getacl
>>   output (see Bernhards patch in the "IMAP ACLs and global ACLs in v1.2"
>>   thread)

> That patch appears to be also changing owners to user=x? 

This is indeed quite possible -- I haven't seen it happen in my tests
though...

As Bernhard wrote him self on the patch: we are not sure it is the right
solution -- actually he is pretty sure it isn't ...  ;-)

> I wouldn't mind a patch that showed them to clients as user=x, but I
> don't want them to change when something else gets changed.

For us[0] changing what is shown to the client is sufficient.  Actually on
a second thought I agree with you, that keeping the special owner
keyword internally is preferable.

> Also I'm not entirely sure how it should be handled when user=x ACL is
> changed.  Should it remove the owner? Should it change the owner
> instead?

This is a good point.  IMO there are only a couple of possibilities:

- we could define that only the server-administrator is allowed to
  change owner acls by means of setting global acls or manually editing
  the dovecot-acl files.

  Rational: Users shouldn't be able to change the owners acls, to
  prevent them from shooting there own foots.

  In this case changing the acl for the user which maps to "owner" would
  be silently ignored.

- cyrus imapd actually tries[1] to implement a variant of this
  possibility in that it does not allow to remove the 'a' right from the
  owner: 
    s setacl INBOX/foo 1 at burlywood1.rgb lrswipkxtecd
    s OK Completed
    g getacl INBOX/foo
    * ACL INBOX/foo 1 at burlywood1.rgb lrswipkxtecda
    g OK Completed
    s setacl INBOX/foo 1 at burlywood1.rgb lrs
    s OK Completed
    g getacl INBOX/foo
    * ACL INBOX/foo 1 at burlywood1.rgb lrskxca
  I think this is worth considering.

- Allow everything allowed by the actual ACLs, so every user having
  a(dmin) rights is free to change all ACLs even if it leads to folders
  where no user has the right to change it any more.

  Rational: unix philosophy, obey to user demands and don't be nuisance,
  shooting ones own foot is a basic freedom...  ;-)

> I think the owner ACLs are usually in global ACL files, so
> it's probably not possible to remove or change it, only add a new
> user=x.

I think that it would be best to always map the owners user name to
the keyword "owner" and vice versa between the IMAP front end and the
acl back end.  This way user=x where x is the owners user name should
never appear in an dovecot-acl file.  So it boils down to the question
if the individual acl-files should take precedence over the global one
-- without having checked I assume this decision already has been made.

cheers
sascha

[0] Actually IMNSHO this subject is not only relevant to us:
    - The acl aware clients I know of don't recognize the special
      meaning of "owner".
    - This makes perfect sense, as there is no specified way to decide
      if the string "owner" in an IMAP ACL reply denotes an user
      actually named owner or is an special keyword denoting "the user
      owning the folder".
    - Finally, even if an client would recognize "owner" as an special
      keyword, it wouldn't be able to figure out who the owner actual
      is.  Which makes the information of rather low use. 
[1] I just tested some scenarios and it turned out they messed up on the
    details, so that one can actually end up with an folder which no
    user has admin rights one and the output of myrights and getacl is
    inconsistent -- quite funny!
-- 
Sascha Wilde                                          OpenPGP key: 4BB86568
http://www.intevation.de/~wilde/                  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20090212/d93ddd1a/attachment.bin

More information about the dovecot mailing list