[Dovecot] Users w/o acl access appear to be subscribed to public folders (1.1b8)
Adam McDougall
mcdouga9 at egr.msu.edu
Wed Nov 21 05:20:49 EET 2007
I noticed this today, I had a user outside of our department test out
dovecot. They were using squirrelmail and I noticed that dovecot thinks
this user is subscribed to ALL public folders even though a dovecot
ACL prevents all access. I'm pretty sure access is still denied.
I was able to reproduce this with a guest account I added:
l lsub "" "#shared/decs/%"
* LSUB (\Noselect) "/" "#shared/decs/linuxadmin"
* LSUB (\Noselect) "/" "#shared/decs/jbossadmin"
* LSUB () "/" "#shared/decs/support"
* LSUB () "/" "#shared/decs/receipts"
* LSUB (\Noselect) "/" "#shared/decs/pcadmin"
* LSUB () "/" "#shared/decs/network"
* LSUB (\Noselect) "/" "#shared/decs/printmaster"
* LSUB () "/" "#shared/decs/postmaster"
* LSUB (\Noselect) "/" "#shared/decs/unixadmin"
* LSUB () "/" "#shared/decs/security"
* LSUB (\Noselect) "/" "#shared/decs/webmaster"
l OK Lsub completed.
This only seems to happen when the acl plugin is enabled. Without the acl
plugin, these are not listed as subscriptions.
After deleting /egr/mail/shared/decs/dovecot-acl-list and re-enabling the
acl plugin, I get this:
l lsub "" "#shared/decs/%"
* LSUB () "/" "#shared/decs/unixadmin"
* LSUB () "/" "#shared/decs/support"
* LSUB () "/" "#shared/decs/security"
* LSUB () "/" "#shared/decs/printmaster"
* LSUB () "/" "#shared/decs/postmaster"
* LSUB () "/" "#shared/decs/pcadmin"
* LSUB () "/" "#shared/decs/network"
* LSUB () "/" "#shared/decs/linuxadmin"
* LSUB () "/" "#shared/decs/webmaster"
* LSUB () "/" "#shared/decs/jbossadmin"
l OK Lsub completed.
Is it related, or is it different just because a new dovecot-acl-list got
created by another user already (but is mode 700?)
More information about the dovecot
mailing list