On Thu, 2009-02-12 at 13:10 +0100, Sascha Wilde wrote:
- cyrus imapd actually tries[1] to implement a variant of this possibility in that it does not allow to remove the 'a' right from the owner:
I implemented this to Dovecot now too.
I think the owner ACLs are usually in global ACL files, so it's probably not possible to remove or change it, only add a new user=x.
I think that it would be best to always map the owners user name to the keyword "owner" and vice versa between the IMAP front end and the acl back end. This way user=x where x is the owners user name should never appear in an dovecot-acl file.
I did consider this too, but then I thought that it could cause wrong results in some special situations. For example if another user's mailbox is symlinked to your private namespace and you change your own rights, it really should change them and not the owner's.
So it boils down to the question if the individual acl-files should take precedence over the global one -- without having checked I assume this decision already has been made.
IIRC in v1.1 mailbox ACL files take precedence, but in v1.2 globals take precedence. I changed it because users shouldn't be able to override admin's decisions.