[Dovecot] ACLs and public folders
hyperbatus at gmx.de
Wed Mar 31 13:39:24 EEST 2010
I am using dovecot 1.0.15 on Debian Lenny. I have a public folder, I use ACL / vfile (without public ACL), and I use maildir / vmail. Now I have two questions:
1) http://wiki.dovecot.org/ACL states: "Mailboxes in public namespaces don't have owners, so by default no-one can access them." The same document, when explaining the meaning of the k flag in the ACLs, states: "Mailboxes can be created (or renamed) under this mailbox (there is no recursion, so creating a mailbox under this mailbox's child uses only the child's ACLs)"
I have placed an ACL (dovecot-ACL) at the root of the public namespace (all rights to anyone). The public namespace was appearing correctly in my IMAP client.
Then I have copied a large folder with hundreds of nested subfolders (nesting level > 3) from another account to the root of the public namespace.
According to the documentation mentioned above, this should not have been possible (if I got the docs right): The first nesting level of folders should have been created, but not the messages in them and for sure not the deeper nested folders. There is no dovecot-acl within a single one of the first-level folders (I have verified this), so no one should have access to them. Nevertheless, in addition to the successful copy, I can see every folder and every message in my IMAP client, I can delete and so on.
Could someone please explain if I got the docs wrong?
2) If there really is no ACL recursion, how are we supposed to copy large folder structures (perhaps thousands of folders, nested to 5 levels deep) to a public namespace? Do we need to create all folders by hand, then place the dovecot-acl in each folder, and then copy the messages to each folder by hand? Do we need to switch to global ACLs so that we can establish a master user for doing the act of filling the public space? Or is there a dovecot module which, immediately after creating a folder, looks into the parent folder of the new folder and copies the dovecot-acl from the parent folder to the new folder?
Currently, I am very happy that dovecot didn't do what it should do according to my understanding of the documentation (since I really needed to copy this folder structure to the public namespace), but on the other hand, I am a bit puzzled now, not knowing if the documentation is wrong, my understanding of it is wrong or the source code is wrong :-)
Thank you very much for any help,
Here is the output of dovecot -n:
# 1.0.15: /etc/dovecot/dovecot.conf
log_timestamp: %Y-%m-%d %H:%M:%S
args: uid=vmail gid=vmail home=/home/vmail/%u
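
One way to script the last option raised in question 2 (giving each folder a copy of its parent's dovecot-acl), as an added example that is not part of the original post and not Dovecot code. It assumes a Maildir++ layout, where every folder is a directory named ".Parent.Child" directly under the namespace root; the function names and the sample tree are made up for the illustration.

```shell
#!/bin/sh
# Added example, not Dovecot code. Assumption: Maildir++ layout, i.e. each
# folder is a directory ".Parent.Child" directly under the namespace root,
# and the per-folder ACL file is named dovecot-acl as in the post.

# Print the dovecot-acl of the nearest ancestor of folder $2 under root $1.
nearest_acl() {
    na_root=$1 na_name=$2
    while [ -n "$na_name" ]; do
        na_name=${na_name%.*}      # ".A.B.C" -> ".A.B" -> ".A" -> "" (root)
        na_file=$na_root${na_name:+/$na_name}/dovecot-acl
        if [ -f "$na_file" ]; then printf '%s\n' "$na_file"; return 0; fi
    done
    return 1
}

# List (default, dry run) or copy ("apply") an inherited ACL into every
# maildir folder under root $1 that has no dovecot-acl of its own.
propagate_acls() {
    pa_root=$1 pa_mode=${2:-dry-run}
    for pa_dir in "$pa_root"/.[!.]*; do
        [ -d "$pa_dir/cur" ] || continue          # only real maildir folders
        [ -e "$pa_dir/dovecot-acl" ] && continue  # never overwrite an explicit ACL
        pa_src=$(nearest_acl "$pa_root" "${pa_dir##*/}") || {
            echo "no ancestor ACL: ${pa_dir##*/}" >&2; continue; }
        echo "${pa_dir##*/} <- $pa_src"
        [ "$pa_mode" = apply ] && cp -p "$pa_src" "$pa_dir/dovecot-acl"
    done
    return 0
}

# Constructed sample tree (not from the post); dry run only, then cleaned up.
demo=$(mktemp -d)
mkdir -p "$demo/.Projects/cur" "$demo/.Projects.2009/cur" "$demo/.Projects.2009.Q1/cur"
printf 'anyone lr\n' > "$demo/dovecot-acl"
propagate_acls "$demo"
rm -rf "$demo"
```

Reviewing the dry-run listing before running with `apply` shows exactly which folders would inherit which rights, so a broad root ACL is not copied into a subtree by accident.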