[Dovecot] Patch: 2.0 support for URLAUTH, BURL, CATENATE

Mike Abbott michael.abbott at apple.com
Tue Dec 7 01:02:12 EET 2010


> when ACL plugin is loaded the master user by default has no permissions to any mailbox.

But without the ACL plugin a master user has all of the regular user's access, including unlimited read/write/delete powers.  Submit users don't because of COMMAND_FLAG_OK_FOR_SUBMIT_USER.

> So if some part of the code doesn't check for submit_user, it assumes the user itself logged in, which could be worse than assuming a master user logged in.

Touché.

> Maybe "master user" should have been named something more neutral, like "authentication user" or something..

Please no, not that.  Do you know how messy it is already to grep through the code for the words "master" and "user"?  If you do change this name make it something new to dovecot, like chameleon or usurper or something.


More information about the dovecot mailing list