[Dovecot] IMAP ACLs and global ACLs in v1.2

Sascha Wilde wilde at intevation.de
Fri Feb 6 11:36:09 EET 2009


Robert Schetterer <robert at schetterer.org> writes:
> Bernhard Herzog schrieb:
>> On 15.01.2009, Sascha Wilde wrote:
>>>> But should it just internally convert "owner" to "username" when
>>>> replying?
>>> From our experience this would be a very good idea.  Many clients
>>> recognize the username and handle those ACLs differently in there UI
>>> (for example they don't offer them for editing).  But they don't
>>> understand "owner".
>> 
>> To work around this, we created a patch that tries to avoid the owner ACL 
>> entries.
[...]
> i dont think you should mess around what clients think
> where should this end , the technical right and most clear description
> is owner, username can be very wide interpreted and may lead
> to technical problems in reading imap-acl i.e from horde imp or other
> mail clients later, as far i remember owner is use i.e in exchange too

Hi Robert,

I'm not quite sure if we are talking about the same thing.  This is
about the reply to the getacl command in the imap protocol (in opposite
to the output in the clients UI).

I don't know about exchange, but most clients don't know about dovecots
special meaning of "owner" but simply consider it an ordinary user name.

On the other hand I know horde imp (the Kolab Webclient is horde based)
and I can assure you that it gets confused by dovecots current behavior:
it does not recognize "owner" as "the actual owner of that mailbox" and
does not handle the ACL in any special way while it _does_ recognize
when the returned username is matching the current user and for instance
horde prevents the user from changing his own right.

Further more there is no way in the IMAP ACL extension to determine the
"owner" of an mailbox I'm aware of, so there would be no way for an
client to resolve the "owner" ACL to an actual user, which makes the
information rather useless.

cheers
-- 
Sascha Wilde                                          OpenPGP key: 4BB86568
http://www.intevation.de/~wilde/                  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer:   Frank Koormann,  Bernhard Reiter,  Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://dovecot.org/pipermail/dovecot/attachments/20090206/b597b4e3/attachment-0001.bin 


More information about the dovecot mailing list