[Dovecot] question dovecot Inheritance global acl vs userfolder acl

Timo Sirainen tss at iki.fi
Tue May 1 03:29:51 EEST 2012


On Mon, 2012-04-30 at 20:55 +0200, Robert Schetterer wrote:
> Hi Timo
> my tests resulted in
> inheritance is given if a userfolder has set some acl to its new created
> subfolder , which is nice
> 
> if some userfolder has its acl from global acl
> there is no inheritance to its new created subfolders,
> that subfolders will always created with full owner rights
> 
> i am not really sure if its a good idea
> to have inheritance from global acl and
> if its hackabel what is your idea to this ?

There is no ACL inheritance feature in Dovecot at all. The only thing
that kind of appears as being inheritance is that when you create a new
mailbox, its ACLs are copied from the parent's (but any future changes
to parent ACLs won't change the child's.)

I've been planning on changing how global ACLs work though. The idea
would be that you'd have a single dovecot-global-acl file that has
fields:

<mailbox pattern> <ACL>

So for example you could say:

foo user=tss lrw

This would work the same way as now. But you could also add:

foo/* user=admin lrwstipekxa

This would also apply to the children. Still, none of this is really
"inheritance".




More information about the dovecot mailing list