[Dovecot] ACLs are applied recursively to sub mailboxes
Bernhard Herzog
bh at intevation.de
Mon Mar 16 21:33:09 EET 2009
On 13.03.2009, Bernhard Herzog wrote:
> On 10.03.2009, Timo Sirainen wrote:
> > I've been a bit busy (or lazy) recently and I'm not focusing on trying
> > to get the new dbox code working. I'll look at the ACL bugs at some
> > point, but you can probably get them fixed sooner if you do it yourself.
>
> I'm going to look into this.
OK. So far I've concentrated on the problem that ACLs set on the INBOX are
applied to all children of INBOX. E.g. if you have users frodo and bilbo,
and frodo does
x SETACL "INBOX" "bilbo" lsr
then bilbo will not only see frodo's INBOX as intended, but also all
subfolders. More precisely the ACL of the INBOX is used for all folders that
do not have their own ACL settings for bilbo.
Here's what I've found out so far:
The reason for the behavior is an aclobj with name "" which takes its actual
rights from the dovecot-acl file in the other user's INBOX. That aclobj is
used for the default ACLs used for mailboxes with ACL entry for the user and
for non-owners should normally be no rights at all and not taken from the ACL
of the INBOX.
That pathological aclobj is created in acl_backend_init:
backend->default_aclobj = acl_object_init_from_name(backend, NULL, "").
acl_object_init_from_name calls acl_backend_vfile_object_init, which sets the
aclobj's local_path. In this particular case -- name == "" and storage ==
NULL -- local_path will become the concatenation of the directory name
returned by
mailbox_list_get_path(_backend->list, NULL,
MAILBOX_LIST_PATH_TYPE_DIR)
and "/dovecot-acl", which at least in the case of maildir is in the owner's
INBOX directory. Later, when the user lists mailboxes, this file is actually
read to determine the rights.
That explains the observed behavior. I'm not sure yet how to fix it. I'll
look into that next.
Bernhard
--
Bernhard Herzog | ++49-541-335 08 30 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
Url : http://dovecot.org/pipermail/dovecot/attachments/20090316/10b8b264/attachment.bin
More information about the dovecot
mailing list