On Mon, 2009-03-16 at 20:33 +0100, Bernhard Herzog wrote:
That pathological aclobj is created in acl_backend_init: backend->default_aclobj = acl_object_init_from_name(backend, NULL, "").
acl_object_init_from_name calls acl_backend_vfile_object_init, which sets the aclobj's local_path. In this particular case -- name == "" and storage == NULL -- local_path will become the concatenation of the directory name returned by mailbox_list_get_path(_backend->list, NULL, MAILBOX_LIST_PATH_TYPE_DIR) and "/dovecot-acl", which at least in the case of maildir is in the owner's INBOX directory. Later, when the user lists mailboxes, this file is actually read to determine the rights.That explains the observed behavior. I'm not sure yet how to fix it. I'll look into that next.
Hmm. I'm not sure if there's a reason for the existence of the default ACLs being looked up from dovecot-acl file. I think the initial fix could be to simply not do that. If someone really wants to have different default ACLs they could perhaps be stored in a file with different name.