On Tue, 16 Jun 2009, Steffen Kaiser wrote:
Playing around with Dovecot's v1.2 ACLs, I wondered about some things about the dovecot-acl files:
- They are created within the Maildirs, as described in http://wiki.dovecot.org/ACL.
But why? Shouldn't they belong to the CONTROL= directories? So it is more compatible with filesystem quota.
- They have 0666 permissions, but all other files (e.g. when I create a new mailbox) have 0660 permissions.
Are the permissions selected explicitly to allow "a"-right for other (system) users?
OK, because of the "a"-right, any user must potentially be able to change the dovecot-acl files; hence, they are neither in the CONTROL directory nor have permissions other than 0666. But why does dovecot-acl-list have permissions 0660?
It looks like Dovecot first writes a temp file (*.lock), then replaces the dovecot-acl file only if no over-quota happens. There is a problem if dovecot-acl could be updated, but dovecot-acl-list could not. SETACL succeeds in this case; is this a problem?
Bye,
Steffen Kaiser