Hello,
When dovecot is configured with "acl_defaults_from_inbox = yes", ACL propagation when creating folders seems a bit strange to us.
The current behavior is :
- INBOX has some ACLs defined in its dovecot-acl file
- This ACL is the default for subfolders without a dovecot-acl file inside ("acl_defaults_from_inbox = yes")
- When creating a folder, a dovecot-acl file is created inside this folder with a copy of the contents of the dovecot-acl from the INBOX
The behavior we expected was :
- INBOX has some ACLs defined in its dovecot-acl file
- This ACL is the default for subfolders without a dovecot-acl file inside
- When creating a folder directly under INBOX, a dovecot-acl file should not be created, as the default from INBOX is already enforced. For subfolders, defaults from INBOX should not be propagated either in the dovecot-acl files.
Although dovecot-acl files in subfolders allow to have exceptions, most usage of "acl_defaults_from_inbox = yes" is probably to have mailbox-wide ACLs. In the current behavior, when someone removes an ACL from the INBOX, it will still be present in subfolders, which is error-prone in a setup where users expect that their INBOX ACL is enforced throughout their mailbox.
I think that avoiding propagating INBOX ACL when creating a new folder in the case where "acl_defaults_from_inbox" is activated would be more intuitive. Am I missing something ?
Cheers, Francois